662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a

Analysis

max time kernel
85s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 22:40

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a.exe
Size

184KB
MD5

4a58e19ba8c3e195e3f7f4617d0e055f
SHA1

a4d18aa153d4a8d6677f349651f5a61b9fba887b
SHA256

662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a
SHA512

3d524ac9b269ecd14faec03449a366ec5bcf58935386bedda34614239b32592ab35b29412db77237c7e498e2ba5fd0ea33bd40833fcc09c72adc8a055808f828
SSDEEP

3072:hKuk2DoR3rQUrj0NXqrhpWoJLvMqnviuy:hKoo6Oj0OhcoJLEqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3056	Unicorn-2851.exe
3660	Unicorn-53012.exe
1080	Unicorn-29062.exe
3240	Unicorn-60194.exe
4828	Unicorn-36244.exe
4360	Unicorn-21300.exe
3172	Unicorn-41812.exe
4020	Unicorn-31352.exe
4376	Unicorn-3318.exe
3732	Unicorn-23184.exe
3744	Unicorn-49634.exe
3068	Unicorn-21600.exe
1544	Unicorn-35336.exe
1952	Unicorn-29214.exe
3452	Unicorn-59675.exe
4620	Unicorn-44564.exe
4560	Unicorn-16530.exe
2672	Unicorn-26090.exe
4344	Unicorn-8283.exe
2540	Unicorn-14413.exe
4520	Unicorn-51917.exe
2288	Unicorn-28804.exe
2264	Unicorn-55446.exe
116	Unicorn-55446.exe
4396	Unicorn-51170.exe
860	Unicorn-51170.exe
3808	Unicorn-46821.exe
1220	Unicorn-6145.exe
1504	Unicorn-57947.exe
4528	Unicorn-29987.exe
464	Unicorn-19052.exe
4588	Unicorn-51746.exe
4996	Unicorn-27796.exe
2136	Unicorn-43578.exe
3268	Unicorn-33363.exe
4608	Unicorn-52322.exe
1248	Unicorn-12036.exe
4356	Unicorn-13811.exe
4380	Unicorn-47231.exe
4584	Unicorn-32286.exe
1560	Unicorn-32021.exe
1692	Unicorn-48714.exe
4968	Unicorn-3505.exe
2948	Unicorn-64958.exe
5140	Unicorn-36924.exe
5156	Unicorn-21980.exe
5200	Unicorn-22964.exe
5220	Unicorn-48430.exe
5212	Unicorn-48430.exe
5236	Unicorn-44346.exe
5260	Unicorn-34131.exe
5284	Unicorn-60774.exe
5296	Unicorn-47039.exe
5348	Unicorn-28010.exe
5340	Unicorn-28010.exe
5312	Unicorn-12228.exe
5424	Unicorn-62005.exe
5404	Unicorn-7403.exe
5416	Unicorn-62005.exe
5432	Unicorn-16068.exe
5752	Unicorn-8549.exe
5776	Unicorn-15326.exe
5816	Unicorn-22940.exe
5832	Unicorn-18664.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
5716	3808	WerFault.exe	129
5732	1220	WerFault.exe	131
15428	15608	WerFault.exe	739
17312	16852	WerFault.exe	818
16456	16896	WerFault.exe	823
16440	16888	WerFault.exe	822
18980	16756	WerFault.exe	809
18952	16644	WerFault.exe	799

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3444	662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a.exe
3056	Unicorn-2851.exe
3660	Unicorn-53012.exe
1080	Unicorn-29062.exe
3240	Unicorn-60194.exe
4360	Unicorn-21300.exe
4828	Unicorn-36244.exe
3172	Unicorn-41812.exe
4020	Unicorn-31352.exe
4376	Unicorn-3318.exe
3732	Unicorn-23184.exe
3744	Unicorn-49634.exe
1544	Unicorn-35336.exe
1952	Unicorn-29214.exe
3452	Unicorn-59675.exe
3068	Unicorn-21600.exe
4620	Unicorn-44564.exe
4560	Unicorn-16530.exe
2672	Unicorn-26090.exe
4344	Unicorn-8283.exe
2540	Unicorn-14413.exe
4520	Unicorn-51917.exe
2288	Unicorn-28804.exe
116	Unicorn-55446.exe
2264	Unicorn-55446.exe
4528	Unicorn-29987.exe
1504	Unicorn-57947.exe
464	Unicorn-19052.exe
3808	Unicorn-46821.exe
4396	Unicorn-51170.exe
1220	Unicorn-6145.exe
860	Unicorn-51170.exe
4588	Unicorn-51746.exe
4996	Unicorn-27796.exe
2136	Unicorn-43578.exe
3268	Unicorn-33363.exe
4608	Unicorn-52322.exe
1248	Unicorn-12036.exe
4356	Unicorn-13811.exe
4380	Unicorn-47231.exe
4584	Unicorn-32286.exe
1560	Unicorn-32021.exe
1692	Unicorn-48714.exe
4968	Unicorn-3505.exe
2948	Unicorn-64958.exe
5140	Unicorn-36924.exe
5200	Unicorn-22964.exe
5156	Unicorn-21980.exe
5260	Unicorn-34131.exe
5220	Unicorn-48430.exe
5236	Unicorn-44346.exe
5284	Unicorn-60774.exe
5348	Unicorn-28010.exe
5296	Unicorn-47039.exe
5212	Unicorn-48430.exe
5424	Unicorn-62005.exe
5312	Unicorn-12228.exe
5404	Unicorn-7403.exe
5340	Unicorn-28010.exe
5416	Unicorn-62005.exe
5432	Unicorn-16068.exe
5752	Unicorn-8549.exe
5776	Unicorn-15326.exe
5888	Unicorn-39176.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 3056	3444	662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a.exe	97
PID 3444 wrote to memory of 3056	3444	662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a.exe	97
PID 3444 wrote to memory of 3056	3444	662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a.exe	97
PID 3056 wrote to memory of 3660	3056	Unicorn-2851.exe	101
PID 3056 wrote to memory of 3660	3056	Unicorn-2851.exe	101
PID 3056 wrote to memory of 3660	3056	Unicorn-2851.exe	101
PID 3444 wrote to memory of 1080	3444	662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a.exe	102
PID 3444 wrote to memory of 1080	3444	662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a.exe	102
PID 3444 wrote to memory of 1080	3444	662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a.exe	102
PID 3660 wrote to memory of 3240	3660	Unicorn-53012.exe	104
PID 3660 wrote to memory of 3240	3660	Unicorn-53012.exe	104
PID 3660 wrote to memory of 3240	3660	Unicorn-53012.exe	104
PID 3056 wrote to memory of 4828	3056	Unicorn-2851.exe	106
PID 3056 wrote to memory of 4828	3056	Unicorn-2851.exe	106
PID 3056 wrote to memory of 4828	3056	Unicorn-2851.exe	106
PID 1080 wrote to memory of 4360	1080	Unicorn-29062.exe	107
PID 1080 wrote to memory of 4360	1080	Unicorn-29062.exe	107
PID 1080 wrote to memory of 4360	1080	Unicorn-29062.exe	107
PID 3444 wrote to memory of 3172	3444	662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a.exe	108
PID 3444 wrote to memory of 3172	3444	662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a.exe	108
PID 3444 wrote to memory of 3172	3444	662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a.exe	108
PID 3240 wrote to memory of 4020	3240	Unicorn-60194.exe	110
PID 3240 wrote to memory of 4020	3240	Unicorn-60194.exe	110
PID 3240 wrote to memory of 4020	3240	Unicorn-60194.exe	110
PID 3660 wrote to memory of 4376	3660	Unicorn-53012.exe	111
PID 3660 wrote to memory of 4376	3660	Unicorn-53012.exe	111
PID 3660 wrote to memory of 4376	3660	Unicorn-53012.exe	111
PID 4828 wrote to memory of 3732	4828	Unicorn-36244.exe	112
PID 4828 wrote to memory of 3732	4828	Unicorn-36244.exe	112
PID 4828 wrote to memory of 3732	4828	Unicorn-36244.exe	112
PID 4360 wrote to memory of 3744	4360	Unicorn-21300.exe	113
PID 4360 wrote to memory of 3744	4360	Unicorn-21300.exe	113
PID 4360 wrote to memory of 3744	4360	Unicorn-21300.exe	113
PID 1080 wrote to memory of 3068	1080	Unicorn-29062.exe	115
PID 1080 wrote to memory of 3068	1080	Unicorn-29062.exe	115
PID 1080 wrote to memory of 3068	1080	Unicorn-29062.exe	115
PID 3056 wrote to memory of 1544	3056	Unicorn-2851.exe	114
PID 3056 wrote to memory of 1544	3056	Unicorn-2851.exe	114
PID 3056 wrote to memory of 1544	3056	Unicorn-2851.exe	114
PID 3172 wrote to memory of 1952	3172	Unicorn-41812.exe	116
PID 3172 wrote to memory of 1952	3172	Unicorn-41812.exe	116
PID 3172 wrote to memory of 1952	3172	Unicorn-41812.exe	116
PID 3444 wrote to memory of 3452	3444	662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a.exe	117
PID 3444 wrote to memory of 3452	3444	662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a.exe	117
PID 3444 wrote to memory of 3452	3444	662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a.exe	117
PID 4020 wrote to memory of 4620	4020	Unicorn-31352.exe	118
PID 4020 wrote to memory of 4620	4020	Unicorn-31352.exe	118
PID 4020 wrote to memory of 4620	4020	Unicorn-31352.exe	118
PID 3240 wrote to memory of 4560	3240	Unicorn-60194.exe	119
PID 3240 wrote to memory of 4560	3240	Unicorn-60194.exe	119
PID 3240 wrote to memory of 4560	3240	Unicorn-60194.exe	119
PID 4376 wrote to memory of 2672	4376	Unicorn-3318.exe	120
PID 4376 wrote to memory of 2672	4376	Unicorn-3318.exe	120
PID 4376 wrote to memory of 2672	4376	Unicorn-3318.exe	120
PID 3660 wrote to memory of 4344	3660	Unicorn-53012.exe	121
PID 3660 wrote to memory of 4344	3660	Unicorn-53012.exe	121
PID 3660 wrote to memory of 4344	3660	Unicorn-53012.exe	121
PID 3732 wrote to memory of 2540	3732	Unicorn-23184.exe	122
PID 3732 wrote to memory of 2540	3732	Unicorn-23184.exe	122
PID 3732 wrote to memory of 2540	3732	Unicorn-23184.exe	122
PID 4828 wrote to memory of 4520	4828	Unicorn-36244.exe	123
PID 4828 wrote to memory of 4520	4828	Unicorn-36244.exe	123
PID 4828 wrote to memory of 4520	4828	Unicorn-36244.exe	123
PID 1544 wrote to memory of 2288	1544	Unicorn-35336.exe	124

C:\Users\Admin\AppData\Local\Temp\662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a.exe
"C:\Users\Admin\AppData\Local\Temp\662f6c9c2da5fe95f739c0558903fdb46ac67a69194e8a2aea75a3649c01e20a.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31352.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
        9⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        10⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        10⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe
        10⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        10⤵
        
        PID:18292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
        9⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        9⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
        9⤵
        
        PID:17768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7000.exe
        8⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        9⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        9⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        9⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        9⤵
        
        PID:17744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58208.exe
        8⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe
        8⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60250.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        8⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15326.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46650.exe
        8⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
        9⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        9⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47780.exe
        9⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
        8⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        8⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
        8⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
        8⤵
        
        PID:17764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        7⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe
        8⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20456.exe
        8⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39724.exe
        8⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37115.exe
        8⤵
        
        PID:18404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
        7⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        7⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
        7⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27796.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
        7⤵
        Executes dropped EXE
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60861.exe
        8⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        9⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        9⤵
        
        PID:16852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16852 -s 408
        10⤵
        Program crash
        
        PID:17312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30735.exe
        8⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13388.exe
        8⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        8⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27468.exe
        8⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
        8⤵
        
        PID:16156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16564.exe
        7⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1563.exe
        7⤵
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
        7⤵
        
        PID:16632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38482.exe
        7⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        8⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29418.exe
        8⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34103.exe
        8⤵
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
        8⤵
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50913.exe
        7⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61526.exe
        8⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe
        7⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
        7⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        7⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        7⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        7⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        7⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        7⤵
        
        PID:17808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        6⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
        6⤵
        
        PID:15660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
        6⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43578.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        7⤵
        Executes dropped EXE
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        9⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        9⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        9⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        9⤵
        
        PID:17816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        8⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
        8⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        8⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42840.exe
        8⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50166.exe
        8⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
        8⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3761.exe
        8⤵
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22943.exe
        8⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        7⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1153.exe
        7⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        7⤵
        
        PID:17052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7755.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        8⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        8⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55511.exe
        8⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
        8⤵
        
        PID:17436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62781.exe
        7⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe
        7⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
        7⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        7⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        7⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        7⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        7⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        7⤵
        
        PID:17748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21670.exe
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        6⤵
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
        6⤵
        
        PID:15608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15608 -s 212
        7⤵
        Program crash
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
        6⤵
        
        PID:17740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7755.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        8⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35614.exe
        8⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        8⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42553.exe
        7⤵
        
        PID:13100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        7⤵
        
        PID:15956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13030.exe
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        7⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
        7⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
        7⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
        7⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
        6⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
        6⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
        6⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        7⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
        7⤵
        
        PID:16252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
        6⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37136.exe
        7⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58189.exe
        7⤵
        
        PID:16644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16644 -s 464
        8⤵
        Program crash
        
        PID:18952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13710.exe
        6⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
        6⤵
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
        6⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22196.exe
        7⤵
        
        PID:19100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
        6⤵
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
        6⤵
        
        PID:14444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
        5⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55466.exe
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        5⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        5⤵
        
        PID:17232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49424.exe
        8⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
        10⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
        10⤵
        
        PID:16888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16888 -s 408
        11⤵
        Program crash
        
        PID:16440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43040.exe
        9⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        9⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
        9⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
        8⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39969.exe
        8⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-271.exe
        8⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
        8⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
        8⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe
        8⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38364.exe
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
        7⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        7⤵
        
        PID:15508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
        7⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30684.exe
        8⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        8⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        8⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58792.exe
        8⤵
        
        PID:18132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        7⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38215.exe
        7⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40920.exe
        7⤵
        
        PID:17256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61576.exe
        6⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
        7⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21224.exe
        7⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        7⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        7⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59989.exe
        6⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        6⤵
        
        PID:12472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-671.exe
        6⤵
        
        PID:15868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12036.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
        7⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25470.exe
        8⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        8⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54524.exe
        8⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61349.exe
        8⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28065.exe
        8⤵
        
        PID:18144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
        7⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
        8⤵
        
        PID:17912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        7⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44821.exe
        7⤵
        
        PID:14516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        7⤵
        
        PID:17840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
        6⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        7⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
        7⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        7⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        7⤵
        
        PID:17904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38364.exe
        6⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe
        6⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        6⤵
        
        PID:15476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        7⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
        7⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        7⤵
        
        PID:17940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42553.exe
        6⤵
        
        PID:12800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        6⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        6⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28075.exe
        6⤵
        
        PID:15944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47884.exe
        6⤵
        
        PID:18616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4261.exe
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        5⤵
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
        5⤵
        
        PID:15148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        5⤵
        
        PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64164.exe
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63430.exe
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe
        8⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
        8⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        8⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32455.exe
        8⤵
        
        PID:18280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        7⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
        7⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
        7⤵
        
        PID:16092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47884.exe
        7⤵
        
        PID:18608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
        6⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        7⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21224.exe
        7⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        7⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        7⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        6⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        6⤵
        
        PID:12488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42160.exe
        6⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
        6⤵
        
        PID:17520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58497.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28890.exe
        7⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53295.exe
        7⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
        7⤵
        
        PID:16192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        6⤵
        
        PID:9424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
        6⤵
        
        PID:12516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33773.exe
        6⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28890.exe
        6⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53295.exe
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1598.exe
        6⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
        5⤵
        
        PID:9548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34681.exe
        5⤵
        
        PID:12508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25624.exe
        5⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        5⤵
        
        PID:18352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49966.exe
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35802.exe
        6⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9107.exe
        7⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        7⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        7⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37482.exe
        6⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20098.exe
        6⤵
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
        6⤵
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57722.exe
        6⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34042.exe
        6⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16529.exe
        5⤵
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16216.exe
        5⤵
        
        PID:16544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50164.exe
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        5⤵
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10944.exe
        5⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34103.exe
        5⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
        5⤵
        
        PID:17384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
      4⤵
      PID:7212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7827.exe
      4⤵
      PID:10760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
      4⤵
      PID:14332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
      4⤵
      PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe
      4⤵
      PID:17580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36244.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14421.exe
        7⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
        8⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43616.exe
        8⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54524.exe
        8⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
        8⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58792.exe
        8⤵
        
        PID:18084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
        8⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3404.exe
        8⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
        7⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46575.exe
        7⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        7⤵
        
        PID:17016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
        6⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        7⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        7⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        7⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56289.exe
        6⤵
        
        PID:9500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8039.exe
        6⤵
        
        PID:12464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        6⤵
        
        PID:15796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39862.exe
        6⤵
        
        PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22668.exe
        8⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe
        8⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2941.exe
        8⤵
        
        PID:16168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47919.exe
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1493.exe
        7⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24375.exe
        7⤵
        
        PID:16184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62138.exe
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
        7⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        7⤵
        
        PID:16876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46113.exe
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50764.exe
        6⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
        6⤵
        
        PID:16840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25470.exe
        6⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
        7⤵
        
        PID:15572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
        7⤵
        
        PID:17476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8614.exe
        6⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8229.exe
        6⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
        6⤵
        
        PID:17852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22875.exe
        5⤵
        
        PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56498.exe
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        5⤵
        
        PID:13764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10915.exe
        5⤵
        
        PID:16580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22974.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        8⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        8⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        8⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        7⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37482.exe
        7⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
        7⤵
        
        PID:16232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
        6⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40410.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        7⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25909.exe
        7⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
        7⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        6⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52850.exe
        6⤵
        
        PID:15996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31348.exe
        6⤵
        
        PID:18628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
        5⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51396.exe
        7⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45640.exe
        7⤵
        
        PID:18372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
        6⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42334.exe
        6⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        6⤵
        
        PID:15784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3155.exe
        6⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
        6⤵
        
        PID:15968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        6⤵
        
        PID:18644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32517.exe
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        5⤵
        
        PID:12928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
        5⤵
        
        PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48714.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54050.exe
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4883.exe
        6⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        7⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4634.exe
        7⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        7⤵
        
        PID:16700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59429.exe
        6⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        6⤵
        
        PID:16796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
        5⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
        6⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        6⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30735.exe
        5⤵
        
        PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13388.exe
        5⤵
        
        PID:11828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        5⤵
        
        PID:15520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
      4⤵
      PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        5⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
        6⤵
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        6⤵
        
        PID:16780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10944.exe
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40710.exe
        5⤵
        
        PID:13816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
        5⤵
        
        PID:224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
      4⤵
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39962.exe
      4⤵
      PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3629.exe
      4⤵
      PID:13936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
      4⤵
      PID:17168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28804.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64958.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29738.exe
        6⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        7⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        8⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        8⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        8⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        8⤵
        
        PID:17796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51079.exe
        7⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        7⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50249.exe
        7⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55860.exe
        7⤵
        
        PID:17720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        7⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        7⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        7⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56549.exe
        7⤵
        
        PID:18600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43180.exe
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33057.exe
        6⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
        6⤵
        
        PID:17456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14340.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38516.exe
        6⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56554.exe
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        7⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        7⤵
        
        PID:15916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
        7⤵
        
        PID:18492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
        6⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        6⤵
        
        PID:16044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47884.exe
        6⤵
        
        PID:18568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33537.exe
        5⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63025.exe
        5⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        5⤵
        
        PID:14072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        5⤵
        
        PID:15060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
        5⤵
        
        PID:18320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24092.exe
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        6⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62906.exe
        7⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4032.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        7⤵
        
        PID:17372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
        6⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
        6⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        6⤵
        
        PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30134.exe
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3783.exe
        6⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22122.exe
        6⤵
        
        PID:14284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
        6⤵
        
        PID:17508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        5⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13388.exe
        5⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        5⤵
        
        PID:15820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe
      4⤵
      PID:416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
        5⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        6⤵
        
        PID:14772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        6⤵
        
        PID:17868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23527.exe
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        5⤵
        
        PID:12316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        5⤵
        
        PID:16748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
      4⤵
      PID:8016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29471.exe
      4⤵
      PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
      4⤵
      PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
      4⤵
      PID:17692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 720
      4⤵
      Program crash
      PID:5716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34206.exe
      4⤵
      PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        5⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
        6⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30482.exe
        6⤵
        
        PID:14020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
        6⤵
        
        PID:16804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        5⤵
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18369.exe
        5⤵
        
        PID:13648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
        5⤵
        
        PID:16828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
      4⤵
      PID:6884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26625.exe
      4⤵
      PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60197.exe
      4⤵
      PID:14060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
      4⤵
      PID:16536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe
    3⤵
    PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
      4⤵
      PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13056.exe
      4⤵
      PID:11644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
      4⤵
      PID:14904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
      4⤵
      PID:3972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
    3⤵
    PID:8436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
    3⤵
    PID:12256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62311.exe
    3⤵
    PID:15412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20704.exe
    3⤵
    PID:18364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51170.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3479.exe
        7⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        8⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        9⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        9⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        9⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        9⤵
        
        PID:17788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        8⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
        8⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        8⤵
        
        PID:16740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        7⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        7⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
        7⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
        7⤵
        
        PID:18104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
        6⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11899.exe
        7⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18754.exe
        7⤵
        
        PID:16556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55459.exe
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3509.exe
        6⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62005.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
        7⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
        8⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        8⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        8⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47884.exe
        8⤵
        
        PID:18576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30658.exe
        7⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31259.exe
        7⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36627.exe
        7⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39332.exe
        7⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        6⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8946.exe
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe
        6⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        6⤵
        
        PID:18300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12567.exe
        5⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21224.exe
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        6⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        6⤵
        
        PID:17908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
        5⤵
        
        PID:9016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24567.exe
        5⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        5⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
        5⤵
        
        PID:18260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57947.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44346.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62998.exe
        7⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        7⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39550.exe
        7⤵
        
        PID:16836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15142.exe
        6⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        6⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        6⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
        6⤵
        
        PID:18152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38224.exe
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28890.exe
        6⤵
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
        6⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
        5⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        5⤵
        
        PID:16432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60774.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40620.exe
        5⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30684.exe
        6⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
        6⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58792.exe
        6⤵
        
        PID:18096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        5⤵
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57160.exe
        5⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
        5⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        5⤵
        
        PID:17860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51640.exe
        5⤵
        
        PID:9936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58111.exe
        5⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        5⤵
        
        PID:16868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
      4⤵
      PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
      4⤵
      PID:11356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23639.exe
      4⤵
      PID:15432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
      4⤵
      PID:5380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14385.exe
        8⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        8⤵
        
        PID:16728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
        7⤵
        
        PID:16716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        6⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46570.exe
        7⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        7⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        7⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19251.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16066.exe
        6⤵
        
        PID:13608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        6⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37831.exe
        5⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
        5⤵
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        5⤵
        
        PID:17680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12228.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34206.exe
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4042.exe
        6⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe
        6⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe
        6⤵
        
        PID:15480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
        6⤵
        
        PID:17628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12131.exe
        5⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
        5⤵
        
        PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36923.exe
        5⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        5⤵
        
        PID:18396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37072.exe
      4⤵
      PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        5⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13248.exe
        5⤵
        
        PID:11416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        5⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        5⤵
        
        PID:17756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25179.exe
      4⤵
      PID:8452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38382.exe
      4⤵
      PID:11852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43714.exe
      4⤵
      PID:15212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
      4⤵
      PID:5124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1220
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 720
      4⤵
      Program crash
      PID:5732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16068.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
      4⤵
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
        5⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32323.exe
        6⤵
        
        PID:15076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
        6⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        5⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        5⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe
        5⤵
        
        PID:15904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12497.exe
        5⤵
        
        PID:18476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49185.exe
      4⤵
      PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        5⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
        5⤵
        
        PID:16896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16896 -s 376
        6⤵
        Program crash
        
        PID:16456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23335.exe
      4⤵
      PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
      4⤵
      PID:13724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
      4⤵
      PID:16860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
    3⤵
    PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
      4⤵
      PID:8644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21224.exe
      4⤵
      PID:11772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
      4⤵
      PID:15552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exe
    3⤵
    PID:8308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
    3⤵
    PID:12284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2109.exe
    3⤵
    PID:15404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe
    3⤵
    PID:5556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29214.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51170.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17678.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
        7⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
        8⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        8⤵
        
        PID:16756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16756 -s 436
        9⤵
        Program crash
        
        PID:18980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54333.exe
        7⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
        7⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
        7⤵
        
        PID:16620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
        6⤵
        
        PID:11180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31879.exe
        6⤵
        
        PID:14624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58785.exe
        6⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        5⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        6⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21224.exe
        6⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
        6⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
        5⤵
        
        PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56446.exe
        5⤵
        
        PID:12664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
        5⤵
        
        PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62005.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        6⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20940.exe
        7⤵
        
        PID:15668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39070.exe
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60197.exe
        6⤵
        
        PID:13644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        6⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64072.exe
        5⤵
        
        PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
        5⤵
        
        PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16913.exe
        5⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
        5⤵
        
        PID:17396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
      4⤵
      PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
        5⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        5⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
        5⤵
        
        PID:17452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
      4⤵
      PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
      4⤵
      PID:10824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
      4⤵
      PID:15496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
      4⤵
      PID:5256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21980.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43154.exe
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50083.exe
        6⤵
        
        PID:14012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        6⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8946.exe
        5⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62990.exe
        5⤵
        
        PID:14908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
        5⤵
        
        PID:18112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        5⤵
        
        PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        5⤵
        
        PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        5⤵
        
        PID:13448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39471.exe
        5⤵
        
        PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45790.exe
      4⤵
      PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
      4⤵
      PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
      4⤵
      PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
      4⤵
      PID:16540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34131.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29772.exe
        5⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28890.exe
        6⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
        6⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        6⤵
        
        PID:16512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54333.exe
        5⤵
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
        5⤵
        
        PID:12200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
        5⤵
        
        PID:16612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49953.exe
      4⤵
      PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
      4⤵
      PID:10340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
      4⤵
      PID:14816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59361.exe
      4⤵
      PID:17540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
    3⤵
    PID:6536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14945.exe
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27446.exe
      4⤵
      PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63050.exe
      4⤵
      PID:15168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
      4⤵
      PID:5452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
    3⤵
    PID:9180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
    3⤵
    PID:11752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42114.exe
    3⤵
    PID:15528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
    3⤵
    PID:6056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59675.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59675.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        5⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        6⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33742.exe
        7⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64141.exe
        7⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        7⤵
        
        PID:16820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        6⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
        6⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
        6⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
        5⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe
        6⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
        6⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        6⤵
        
        PID:18592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56200.exe
        5⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe
        6⤵
        
        PID:17552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe
        5⤵
        
        PID:13508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        5⤵
        
        PID:16688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37090.exe
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        5⤵
        
        PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
        5⤵
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        5⤵
        
        PID:14848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        5⤵
        
        PID:17928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
      4⤵
      PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56446.exe
      4⤵
      PID:12676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
      4⤵
      PID:16132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19632.exe
        5⤵
        
        PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11328.exe
        5⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7269.exe
        5⤵
        
        PID:14256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
        5⤵
        
        PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26792.exe
      4⤵
      PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30901.exe
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9626.exe
      4⤵
      PID:14032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
      4⤵
      PID:16680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
    3⤵
    PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
      4⤵
      PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
      4⤵
      PID:12188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
      4⤵
      PID:15368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
      4⤵
      PID:18268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
    3⤵
    PID:9076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe
    3⤵
    PID:12024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
    3⤵
    PID:15940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29987.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29987.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3505.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23516.exe
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33088.exe
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60000.exe
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        6⤵
        
        PID:13124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
        6⤵
        
        PID:15988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9024.exe
        5⤵
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22865.exe
        5⤵
        
        PID:13792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
        5⤵
        
        PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6387.exe
        5⤵
        
        PID:16808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
      4⤵
      PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
      4⤵
      PID:12316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33057.exe
      4⤵
      PID:14272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
      4⤵
      PID:17572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
    3⤵
    PID:5872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35610.exe
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        5⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47780.exe
        5⤵
        
        PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
      4⤵
      PID:9576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37482.exe
      4⤵
      PID:12532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
      4⤵
      PID:15804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39332.exe
      4⤵
      PID:5536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
    3⤵
    PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
      4⤵
      PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
      4⤵
      PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
      4⤵
      PID:13984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
    3⤵
    PID:10100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25335.exe
    3⤵
    PID:13204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
    3⤵
    PID:14792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
    3⤵
    PID:18972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22964.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22964.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15732.exe
    3⤵
    PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
      4⤵
      PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        5⤵
        
        PID:10984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        5⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43720.exe
        5⤵
        
        PID:16724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
      4⤵
      PID:10044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
      4⤵
      PID:12556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
      4⤵
      PID:16664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64072.exe
    3⤵
    PID:7288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
    3⤵
    PID:11056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42370.exe
    3⤵
    PID:14992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
    3⤵
    PID:18312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30718.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30718.exe
  2⤵
  PID:6360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
    3⤵
    PID:8748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
    3⤵
    PID:11688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63050.exe
    3⤵
    PID:15184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
    3⤵
    PID:5328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
  2⤵
  PID:8516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
  2⤵
  PID:11872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
  2⤵
  PID:15160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
  2⤵
  PID:5248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4404,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4604 /prefetch:8
1⤵
PID:1876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1220 -ip 1220
1⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3808 -ip 3808
1⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 15608 -ip 15608
1⤵
PID:16124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 16852 -ip 16852
1⤵
PID:17256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 16896 -ip 16896
1⤵
PID:17328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 16888 -ip 16888
1⤵
PID:17336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 16644 -ip 16644
1⤵
PID:18904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe

Filesize
184KB

MD5
ae116fbef7c3077cd055df9b4613c515

SHA1
96b7b69435da71506accfefbcd336c97d8e90c9e

SHA256
0d87d7102f194762ea9adb72a4b45a97e95d8e3b16986d2fd5f2e36f1f55a8c2

SHA512
138d1ad8d12c8f06b71c19a6f3949630acd3e7788751dfe3e6a6f838442a523bed4b786c9b1d1fb34e869a4948e2deb00b040fdbdda5c983ff8d22e3634218b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe

Filesize
184KB

MD5
e14403bec7e5dd322a01b34a771e6d3f

SHA1
ceb9d56418e18e5611e8bd848c4a941c057ce875

SHA256
1322b35c436d2fe3d3ead4974aeeb56bd6bd673b5f2e0d415e23ce1f9bb443d8

SHA512
b2ed758f708da28bb18ec5c87800a768b509463bfb56f704efc066b76425a6dbb8a218e0654edc4c91b3f75113c2d47ae2163216a56cc98cc40d21e2dcc41131

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe

Filesize
184KB

MD5
4d2f55f0de717c2ffdb0912632b93351

SHA1
53e878d5ee3e1d4b27083a8b9fe7e6ed7d7607b1

SHA256
b0a1d95174a5665a4d9195a3f1424ce6c37427ea9c0debe0c7b29454d63ffd66

SHA512
271c96e0fa4cfe638bbe416baf4d7de2b87274833d409c693bc4853631c5473f88c5d25464d24af7a552a424a7b3738160d33f3ce226519b3586e0e8ea1cd399

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe

Filesize
184KB

MD5
4e5e868040016fbad32214e8e1b8f1ff

SHA1
6af2c0656e238e7068698d58d42d95740bf9f600

SHA256
6060b9d55fa8a69ada85a6543677b28d470e1e663c2488685d3e9b789520629b

SHA512
f5092e5d580022eabddc6f456dcf61b16f3d3485bc75a3ac255c09004c04b063a45b68cbed1713e84ef37ff89092506e9702478141a3e41f95ca6caf1375743d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe

Filesize
184KB

MD5
afa71dee4191a2e1155dc1242b2cf4cf

SHA1
fa3fc403459b0c2cd9a8f845766656f2320eba4c

SHA256
1830bfbacf51e142a1fcb5e58288a71c1adb43bea0ed630a2bfbb550dee1c226

SHA512
504924ddeaca4d812335731c8783ee2aedf7d12c20102f03635edf7fc8c82652a433824ae1fb5500de879d6ebdaf90c3922a2240b4a5feb29f32a53ab225f4f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe

Filesize
184KB

MD5
46e849ee1e5373f96568659fe807113b

SHA1
b6b10ef22280ceaf1975f7c47038208d980da142

SHA256
fdfda20a30bfe41d53a5e3335e8a633c1ff5a605eda7dd362dd24999f114c2bd

SHA512
1b4c598009015ca36cb572e5587bd21dce8dc68b064ad301b36bdac5cff165f87f296075adc295cef7658e0cbc4ab0fbac791b7a5ab2c962b4009796dc02cacb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe

Filesize
184KB

MD5
2f5d1957e018fe63fb87e2170af527e5

SHA1
a53533f231f8679c1b89f9a411612b67d25be08d

SHA256
f9013641eb79533150be80ec7d1ca2956d10d4d9c5179b5cf7923ef4a761981b

SHA512
de845880d1c19910d5c64ab0ba37f5c31207f8d0556f0be9efc0314038fafbe4a2b97e61a598c8032519f223185290e4fe99ee5dbd65a4bbc166f5406639fa13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27796.exe

Filesize
184KB

MD5
12b2a22bb3e585eda84ad1c64e649e5c

SHA1
26d183f48923e27898db98d5c6ab00b8b1655324

SHA256
e437048f1d8ca4ab2c577474eea858ceb3ff95a0d0f0cc46089b1c2fef665f2c

SHA512
fc845f9d63079e9f5a28ed96a7010e3b878679b46e42a61f0de1e012cf3f44a0b4bf8e667fe7ee90b38f298697406aedf3d85fcfe93478202905287a009f1421

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe

Filesize
184KB

MD5
12a6428a46971f0048a7a7b3ee0ef7ff

SHA1
9a2c3e1bce8bb53eca2460580da119deae812b23

SHA256
d48d190abed6b196ef09fe9e2f47e207515b3ceba32a806c2489d96b819a509f

SHA512
3d0cecb147df27e92e42dad1ff2a3b30e9120371ff8a828e48deb30735d1a462886ca0e45216a86719971a42b7ebc5bb3061dd52dee37c2aa91ac4102889fc7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28804.exe

Filesize
184KB

MD5
53b49df553b61a9b16e4c2fa155f67e8

SHA1
666069e4ef90b21f142ef8e4f366fd063c20644f

SHA256
e83d49223ec06dd8384279940f0e4c9294275dea1699e1af1c12beafc4d014fa

SHA512
a1824bf13b3ecf28600a1fc40c1ec3887954a8d65fc559425ab21df2246c685bad0b738be4f35cabc3a28528b76a14f8475a19b1cdd403892c14f4de508a25ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe

Filesize
184KB

MD5
bf20837a428b2798cf0ca0853612340a

SHA1
122a433e5d4daf2218991b2a88efbde3f905c699

SHA256
757be91c832b66b286bfeda9ba7e393da0221e791d42e6affe806e5bc3d1774f

SHA512
ab24e1a3e24f0ed8e26fd7ab098db7c025b5d010794d30636b6523b93222c37f217a67de42d1f6d6e18276080edc4b72796fb13a59c46da9323de63dd0a7e093

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29214.exe

Filesize
184KB

MD5
667933fdbcd9d9f924719f85effcf1ab

SHA1
af333f6b80527d62cdcca63fcfa33af639b970bf

SHA256
a9ccc0b654d8e3e2e4b41e6001cfec7f564ee9245829c642f543ee31d2fe447f

SHA512
77f21f21127931efca84b7483a9d66a01e16874ddb47ec3f43dd902c13ab6580b63090dfe95310cc2e1b05fb0686eb7fe44c1f9c668d888d2c323d1542ada6fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29987.exe

Filesize
184KB

MD5
324806fe824d394331d0365b88aefae0

SHA1
8d2f7996d7b5d038dc4cdda653cba5e37e822832

SHA256
6d9b136ff23ced68d9b03e2327254da8d8a88f4e2b01bdef67eb852fedb00348

SHA512
7046e7679748d19333b640df49908f7d576ff5aad79c0189cb04dc36ef12dc225f217dd20e9a8b32d2c91edc59fd78d46ab5a2b49eb013dc74ec4fadb0cd4a44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31352.exe

Filesize
184KB

MD5
2a80165e31c691cef4a5e0960e0f6515

SHA1
71791a75855eb6be16f8675ddc86a43c4f7ea4d3

SHA256
0f5a2d52b0ab7e8d71fd52815b49fac86f91693fbba1d33b87e613ab55c26b2a

SHA512
79c284fa777c80b24e46f40344630f0bab5a9fef09efd5965ce3da39d8ca71e526519b5790bd0710fff559e68f2b445566f227beacb8e6ce77e51c6f35d19a24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe

Filesize
184KB

MD5
965bc95821debcfb40b1dedfd1bed5a6

SHA1
aa764a595f57831821dd077d1976a429a9400c17

SHA256
389b9cc067cc2868bc17572c928fe7ee9de7ca7fc0830f485e2733a831438214

SHA512
383cfd92e635c6e3b0989a45d009be5b680ac7fc2965afc54eed4fca7cf5637f87bfa927dd219eef994ac9f7c76da27f1badb1e74e2b3a21debd41e790d33f7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe

Filesize
184KB

MD5
b300102622366e8f12c01d963528731d

SHA1
31f0024d45f51fddfb512819e045a99238a80f0d

SHA256
b0d37428283658a929b74dcb1c7e52719f0fced80d1f0e3420ba626a0a4fed16

SHA512
01f76cb730aec41cabd2184b2bb42a619e79458ef112e4b09fb12d7fb9bf7308d3ce4b2ef726e0c3dc163e857e4b2a8ac86daca7a6d79ffc93bc7688743ff197

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36244.exe

Filesize
184KB

MD5
92eda139ef8145bd10f6362858f04125

SHA1
612221d26839b3ce8b88f3d2333886ede430fa79

SHA256
be5b8135fa8907f1a632a6b2c7424d8d9362ada7eadad462d368b3b08ecdac32

SHA512
578c3a71d75feb0f340dbf8e1ed4f695213a79fbe6f88e827cf0c5c7e7908b1cf94e2de822de5b00f1633741a3fbd108b44f001ba6d06f211c9f32d297de0469

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe

Filesize
184KB

MD5
156c7f6178efb68dd892597dd93154e8

SHA1
69c9f65d57cd109c1d19ab9e8bf2a537607c7a03

SHA256
c68772ba41c73b6bbb50c2ffa3d97637b544a444f1c3dffbce13aa98b1807e80

SHA512
4593e8d976558cac1ab2dd3eb8c788a160f0833d6e4144c2786b3d75885edb5b74df462d8520668596f0c8b0e1c77b7f5953fa20127ef95cbedc338f236b76dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe

Filesize
184KB

MD5
4b2e6327478fe4e6fd35bbe941f19c18

SHA1
1e92694cf1b8964e174e931779255fe9e3e219a7

SHA256
cd24e54c2fbe25a9506fb024ab7ae12305ef04edfddf95f564f3df935513a193

SHA512
6976eb20a609dbe682038de9850cdab7a5e5f8979e1a4adb1ec02106907c0aee94a78cea1de76621de0b06880f91f3eb03bcc6e01da8cbf2477c7e7f7e247032

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe

Filesize
184KB

MD5
551eefaf2dff6e2e5e9afaf41013ab64

SHA1
a9cae95db8ecde9f2066f0d43708211d1c818543

SHA256
1dd313c632ed75ff63cc06b192251fcfeefec5b080e7a2a48aff9bf1e575a993

SHA512
242e8348b23a53a8235cb48faa8b3f644bb99833eb788723ae3af749a74a7f0cc9c87d943d399d8e857dc807287dabc92b88d8a1d30d32f494df3cc725146bd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe

Filesize
184KB

MD5
e56870d09374fdbd324ecaf9a4393327

SHA1
2c9c8ae7224a665ee51b62e33a9bfda439e48b97

SHA256
7aa005aae9f53821f1586856372747d0fb8df1fd1bec6867c5be4ef0ff31d970

SHA512
ca49c48b176dd58d1ed85b9f7db9a4ca38e6e7d905eb6822a79118162c775211dc0c9aab61bf3a1402ab5aa311b68434e64ba1b3178bc442e07c9908734774ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51170.exe

Filesize
184KB

MD5
9b6f6b0278d7a92007f953d9661cab21

SHA1
535e16254dc3645c3261d4b752a8fb9ecb2405a7

SHA256
6d321f74909c0ed192d9f7a51b45278c0d61270f877fd0ac9615af4453c3534f

SHA512
0f8827f8ef2dd57ebcab9054c144b0efbebbe116b4165895c5f2c0b1d9f4d775f2b889c3847350471c29e1cd1ab919b5195e358b2d66d5f6a300337949e457fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe

Filesize
184KB

MD5
ad8613f9649309cfa6b4e60574119fc4

SHA1
0002bf84f1667ee6fc1a74aa1189a45337368889

SHA256
5f3ac57fabd7f082f442cf1ac8b17e76784835f2dd01140cf6dba5acd5e40526

SHA512
40afd19b8bcc492cadf18a74066266558e3cdf4be22a2cc4125b4868eb81c1c8ce4de3946cd736918850b8440117a72cab4b678b537b585ceaa740ced6d976b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe

Filesize
184KB

MD5
47b3646e118caeab2538df7b0396927d

SHA1
ba0ab2971c3b0c656c66b9ce069ce91886e907f4

SHA256
965b0d814db884ff71027479670cfde760612db92d5304572703d7819d85dea4

SHA512
6c12d6c8d7796ef425077c2d0ccec4f8a60101f546c0d27db057272e5a776cee60603c72598a3ee27560570cc171a63212c3897a248cbabd2ee2797ad9b0569b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe

Filesize
184KB

MD5
c65f7b25384e51ab675ad9b95611cfa3

SHA1
a8cfe981e84d99f722a800145df5322d44765295

SHA256
1d8293d3648b437444e70297bb656169ad6592ee87e7e68f7f2401179b385b0a

SHA512
88b7a24cb0c5c07bf20aad83c3194ddff71ee5b07cfbeee5504443820a74d5720a8b6deb4ec9d52cc1db89513884653afe8d42b86973d30f1d34414096dc8b06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe

Filesize
184KB

MD5
64b1154ac407ff70b16c2bd13c17096a

SHA1
50dbbeb1f2c3c23e7d3190b789571151c8cd5f24

SHA256
4171c134051e5893fff9ab75daca47934fbde008107c68bbb9041990085fea51

SHA512
08af1d243686e2552e7b1d6e8658719a1eda152238d9b7bf3c6f2e2852ce25badf08ea1948eca863226a560180081b0bb23f16fc5dc024a55ffffc5104caa7d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57947.exe

Filesize
184KB

MD5
41b264b3148088f55bf283af8706bcb9

SHA1
cf619d4e8aee29eb768f83543f97245e9ee18080

SHA256
707f462b6f8be7d623ff7b1ce61a389be3b842cbe4e3d2b2f837857c6a484252

SHA512
119d9a0d5ea1b3e0f22c231311821c7c331382ffe4b08f53f635529d8736682ca81b4414707c7a107c5c2654992a328e447c205a53ba6e9147b1a9b74c93a131

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58189.exe

Filesize
184KB

MD5
299fe455313a7e1bbe3f01d58cae105e

SHA1
f1facab96ba2b713da30848e9d942e7c910777c2

SHA256
7aae6813b91a8291ffbb995769b946330ae0e5346d4e6886d7f987e42c443850

SHA512
7896d4830d7f12e23931734301074d13f5b0479c5393ba37006c4ce8fcfd223b139cb9fc975ad28f82eda68ff07c9880dfc03077fb5193f33cf1fda710b22a17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59675.exe

Filesize
184KB

MD5
157b6ba81ed523ee34ffde39a8fdb5b8

SHA1
7a90ebd11b82c52bf357deb58b80b86f773cdcdd

SHA256
153ef49f1204810afe471f89af58a8b0822e1f07a8cc3d9839433e0aeebf0feb

SHA512
bcda425e42171e3c6eb881e01a016d38400b8a7c6dc7c2b4ecfdeb424e0c4fe48982fe389098efb3a81bd2a4837e829a4404d8adf364ed990f3ba933f57437cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe

Filesize
184KB

MD5
1fef4dd6f435cf0b6f5f4af361a98ccf

SHA1
fbc47953ac09c20b9a3e09bec39958bcc5cd8a02

SHA256
fb08e22417c35a8dc1dbad79144e79a66cff208c9fc517d8cefd1633ea4ae697

SHA512
c24534c74e02ee4026b9960fec21458f6dd93a5ffccc0b8e198f8d6921c7f2d17350babec22ab2ca31de77b693c89f9dce591128b3c9d78b45d01282d7441d5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe

Filesize
184KB

MD5
e6a8b16c413f15480b73088fbf421072

SHA1
f801905c8a7bf8d9aeae0f6be653befc5e3daa9d

SHA256
25c62d056e047ebe96477bcd70a3286d62dffa5c8630fa47722c62998e545825

SHA512
4b5aa2c3f83601436678d25c8244a457f899afa818062d21c9094e36017240022524ea8c85634b77f9edfb945f69b2b25c2c840077fd48a1da6c2b26d4d11b75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe

Filesize
184KB

MD5
cadd45f0d12cc878371e8094716480d6

SHA1
c0a52f34fc84c3fd0236cc8bd9c5f74a972630a4

SHA256
3615698ca443dd740e14441faf37e04521a579b27bd5c71938bd39f6a961e109

SHA512
d8ffd0c043c6b31ad997350d0cf72dba1f09ac2a76ee97e20d3a0640ba0828632e3dd3aef36aa7cd01a94f7ba94be66a4ff1c32ff06de15897224b0ccde30312

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads