af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99.exe
Size

184KB
MD5

1915331d7e1f24ff82be05fe4877452f
SHA1

b0f5fd8592e1acb1412981d38d11f7a4e06ac735
SHA256

af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99
SHA512

7296cb3df78042d8c2a7b662297ece37d48779fc7aa679daa918f3b2ad919ab81fae310a4d5a629e65a5f53bceed8518f0efe5a268e2be467d76e5d3b611ad80
SSDEEP

3072:UYhdJaonkjKudTXtW3fn86OzWlvnqnxiuE:UYMotqTXY8pzWlPqnxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3896	Unicorn-53387.exe
4704	Unicorn-56296.exe
1340	Unicorn-19217.exe
3064	Unicorn-51595.exe
4284	Unicorn-19115.exe
4568	Unicorn-64786.exe
692	Unicorn-63254.exe
3124	Unicorn-10695.exe
5104	Unicorn-39153.exe
4972	Unicorn-26181.exe
1584	Unicorn-24235.exe
4412	Unicorn-18296.exe
2956	Unicorn-54831.exe
4384	Unicorn-9159.exe
3564	Unicorn-57218.exe
4804	Unicorn-56264.exe
4312	Unicorn-56264.exe
3348	Unicorn-3704.exe
3780	Unicorn-56082.exe
4940	Unicorn-426.exe
3212	Unicorn-31022.exe
4364	Unicorn-33867.exe
5024	Unicorn-1194.exe
4184	Unicorn-1386.exe
1720	Unicorn-18910.exe
180	Unicorn-19176.exe
4820	Unicorn-13045.exe
3932	Unicorn-64847.exe
4008	Unicorn-25704.exe
684	Unicorn-7463.exe
4680	Unicorn-36113.exe
1228	Unicorn-56171.exe
1388	Unicorn-21038.exe
5048	Unicorn-8423.exe
868	Unicorn-47266.exe
1752	Unicorn-48299.exe
2428	Unicorn-28433.exe
2220	Unicorn-61682.exe
1236	Unicorn-46415.exe
4964	Unicorn-60150.exe
4316	Unicorn-24789.exe
3344	Unicorn-30161.exe
4992	Unicorn-41867.exe
1292	Unicorn-26600.exe
1512	Unicorn-3448.exe
4524	Unicorn-55250.exe
4776	Unicorn-12100.exe
3848	Unicorn-52946.exe
4328	Unicorn-7274.exe
3252	Unicorn-31400.exe
4072	Unicorn-25064.exe
2376	Unicorn-58120.exe
4960	Unicorn-58312.exe
2964	Unicorn-52182.exe
4440	Unicorn-15633.exe
3956	Unicorn-25567.exe
2188	Unicorn-28043.exe
2380	Unicorn-45266.exe
808	Unicorn-50440.exe
2912	Unicorn-27480.exe
3628	Unicorn-48904.exe
2256	Unicorn-32075.exe
2840	Unicorn-40456.exe
4912	Unicorn-40456.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
3352	4940	WerFault.exe	115
7940	5256	WerFault.exe	206
10352	5672	WerFault.exe	229
10792	6256	WerFault.exe	243
12384	11268	WerFault.exe	579
14580	13916	WerFault.exe	653
6360	4664	Process not Found
8184	18332	Process not Found
10288	17952	Process not Found	1139

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5640	dwm.exe
Token: SeChangeNotifyPrivilege	5640	dwm.exe
Token: 33	5640	dwm.exe
Token: SeIncBasePriorityPrivilege	5640	dwm.exe
Token: SeCreateGlobalPrivilege	8672	dwm.exe
Token: SeChangeNotifyPrivilege	8672	dwm.exe
Token: 33	8672	dwm.exe
Token: SeIncBasePriorityPrivilege	8672	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2228	af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99.exe
3896	Unicorn-53387.exe
4704	Unicorn-56296.exe
1340	Unicorn-19217.exe
3064	Unicorn-51595.exe
4568	Unicorn-64786.exe
4284	Unicorn-19115.exe
692	Unicorn-63254.exe
3124	Unicorn-10695.exe
5104	Unicorn-39153.exe
4972	Unicorn-26181.exe
1584	Unicorn-24235.exe
4384	Unicorn-9159.exe
2956	Unicorn-54831.exe
4412	Unicorn-18296.exe
3564	Unicorn-57218.exe
4312	Unicorn-56264.exe
4804	Unicorn-56264.exe
3348	Unicorn-3704.exe
3780	Unicorn-56082.exe
4940	Unicorn-426.exe
3212	Unicorn-31022.exe
4364	Unicorn-33867.exe
180	Unicorn-19176.exe
1720	Unicorn-18910.exe
3932	Unicorn-64847.exe
4008	Unicorn-25704.exe
4820	Unicorn-13045.exe
684	Unicorn-7463.exe
4680	Unicorn-36113.exe
1228	Unicorn-56171.exe
1388	Unicorn-21038.exe
5048	Unicorn-8423.exe
868	Unicorn-47266.exe
1752	Unicorn-48299.exe
2428	Unicorn-28433.exe
4964	Unicorn-60150.exe
2220	Unicorn-61682.exe
1236	Unicorn-46415.exe
4316	Unicorn-24789.exe
3344	Unicorn-30161.exe
4776	Unicorn-12100.exe
1292	Unicorn-26600.exe
4992	Unicorn-41867.exe
1512	Unicorn-3448.exe
4524	Unicorn-55250.exe
3252	Unicorn-31400.exe
3848	Unicorn-52946.exe
4328	Unicorn-7274.exe
2376	Unicorn-58120.exe
4960	Unicorn-58312.exe
2964	Unicorn-52182.exe
4072	Unicorn-25064.exe
4440	Unicorn-15633.exe
3956	Unicorn-25567.exe
2188	Unicorn-28043.exe
2380	Unicorn-45266.exe
808	Unicorn-50440.exe
2912	Unicorn-27480.exe
3628	Unicorn-48904.exe
2256	Unicorn-32075.exe
2840	Unicorn-40456.exe
4912	Unicorn-40456.exe
1424	Unicorn-11047.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 3896	2228	af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99.exe	93
PID 2228 wrote to memory of 3896	2228	af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99.exe	93
PID 2228 wrote to memory of 3896	2228	af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99.exe	93
PID 3896 wrote to memory of 4704	3896	Unicorn-53387.exe	95
PID 3896 wrote to memory of 4704	3896	Unicorn-53387.exe	95
PID 3896 wrote to memory of 4704	3896	Unicorn-53387.exe	95
PID 2228 wrote to memory of 1340	2228	af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99.exe	96
PID 2228 wrote to memory of 1340	2228	af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99.exe	96
PID 2228 wrote to memory of 1340	2228	af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99.exe	96
PID 4704 wrote to memory of 3064	4704	Unicorn-56296.exe	99
PID 4704 wrote to memory of 3064	4704	Unicorn-56296.exe	99
PID 4704 wrote to memory of 3064	4704	Unicorn-56296.exe	99
PID 3896 wrote to memory of 4568	3896	Unicorn-53387.exe	101
PID 3896 wrote to memory of 4568	3896	Unicorn-53387.exe	101
PID 3896 wrote to memory of 4568	3896	Unicorn-53387.exe	101
PID 1340 wrote to memory of 4284	1340	Unicorn-19217.exe	100
PID 1340 wrote to memory of 4284	1340	Unicorn-19217.exe	100
PID 1340 wrote to memory of 4284	1340	Unicorn-19217.exe	100
PID 2228 wrote to memory of 692	2228	af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99.exe	102
PID 2228 wrote to memory of 692	2228	af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99.exe	102
PID 2228 wrote to memory of 692	2228	af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99.exe	102
PID 3064 wrote to memory of 3124	3064	Unicorn-51595.exe	103
PID 3064 wrote to memory of 3124	3064	Unicorn-51595.exe	103
PID 3064 wrote to memory of 3124	3064	Unicorn-51595.exe	103
PID 4704 wrote to memory of 5104	4704	Unicorn-56296.exe	104
PID 4704 wrote to memory of 5104	4704	Unicorn-56296.exe	104
PID 4704 wrote to memory of 5104	4704	Unicorn-56296.exe	104
PID 4568 wrote to memory of 4972	4568	Unicorn-64786.exe	105
PID 4568 wrote to memory of 4972	4568	Unicorn-64786.exe	105
PID 4568 wrote to memory of 4972	4568	Unicorn-64786.exe	105
PID 4284 wrote to memory of 1584	4284	Unicorn-19115.exe	106
PID 4284 wrote to memory of 1584	4284	Unicorn-19115.exe	106
PID 4284 wrote to memory of 1584	4284	Unicorn-19115.exe	106
PID 3896 wrote to memory of 4412	3896	Unicorn-53387.exe	107
PID 3896 wrote to memory of 4412	3896	Unicorn-53387.exe	107
PID 3896 wrote to memory of 4412	3896	Unicorn-53387.exe	107
PID 1340 wrote to memory of 2956	1340	Unicorn-19217.exe	108
PID 1340 wrote to memory of 2956	1340	Unicorn-19217.exe	108
PID 1340 wrote to memory of 2956	1340	Unicorn-19217.exe	108
PID 692 wrote to memory of 4384	692	Unicorn-63254.exe	109
PID 692 wrote to memory of 4384	692	Unicorn-63254.exe	109
PID 692 wrote to memory of 4384	692	Unicorn-63254.exe	109
PID 2228 wrote to memory of 3564	2228	af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99.exe	110
PID 2228 wrote to memory of 3564	2228	af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99.exe	110
PID 2228 wrote to memory of 3564	2228	af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99.exe	110
PID 3124 wrote to memory of 4312	3124	Unicorn-10695.exe	112
PID 3124 wrote to memory of 4312	3124	Unicorn-10695.exe	112
PID 3124 wrote to memory of 4312	3124	Unicorn-10695.exe	112
PID 5104 wrote to memory of 4804	5104	Unicorn-39153.exe	111
PID 5104 wrote to memory of 4804	5104	Unicorn-39153.exe	111
PID 5104 wrote to memory of 4804	5104	Unicorn-39153.exe	111
PID 4704 wrote to memory of 3348	4704	Unicorn-56296.exe	113
PID 4704 wrote to memory of 3348	4704	Unicorn-56296.exe	113
PID 4704 wrote to memory of 3348	4704	Unicorn-56296.exe	113
PID 3064 wrote to memory of 3780	3064	Unicorn-51595.exe	114
PID 3064 wrote to memory of 3780	3064	Unicorn-51595.exe	114
PID 3064 wrote to memory of 3780	3064	Unicorn-51595.exe	114
PID 4972 wrote to memory of 4940	4972	Unicorn-26181.exe	115
PID 4972 wrote to memory of 4940	4972	Unicorn-26181.exe	115
PID 4972 wrote to memory of 4940	4972	Unicorn-26181.exe	115
PID 4568 wrote to memory of 3212	4568	Unicorn-64786.exe	116
PID 4568 wrote to memory of 3212	4568	Unicorn-64786.exe	116
PID 4568 wrote to memory of 3212	4568	Unicorn-64786.exe	116
PID 2956 wrote to memory of 4364	2956	Unicorn-54831.exe	117

C:\Users\Admin\AppData\Local\Temp\af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99.exe
"C:\Users\Admin\AppData\Local\Temp\af2827ce4e81fe508220a6ed481d4a39b22657a60a6f18c798947be327017d99.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53387.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53387.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10695.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56264.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28043.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64488.exe
        9⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
        10⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53698.exe
        11⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
        11⤵
        
        PID:16740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46490.exe
        11⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        10⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3442.exe
        10⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22075.exe
        10⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
        10⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58262.exe
        9⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21249.exe
        9⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
        9⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
        9⤵
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
        8⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34347.exe
        9⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47307.exe
        10⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        10⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        10⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe
        10⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        9⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        9⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
        9⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
        9⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe
        8⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
        8⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37730.exe
        8⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
        8⤵
        
        PID:15780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45266.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        9⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
        9⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
        9⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        9⤵
        
        PID:17080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49767.exe
        9⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55279.exe
        8⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
        8⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-792.exe
        8⤵
        
        PID:14104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        8⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11026.exe
        8⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16085.exe
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25131.exe
        8⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        8⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
        8⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        8⤵
        
        PID:17168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37071.exe
        8⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe
        7⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
        8⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        8⤵
        
        PID:16688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
        8⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17448.exe
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
        7⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        7⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        7⤵
        
        PID:10760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe
        8⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        9⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
        10⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        10⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
        10⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1038.exe
        9⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        9⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
        9⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9030.exe
        9⤵
        
        PID:17840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
        8⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7861.exe
        8⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45436.exe
        8⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        8⤵
        
        PID:16516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
        8⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34638.exe
        7⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 616
        8⤵
        Program crash
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
        7⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
        7⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        7⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27480.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40555.exe
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        8⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
        9⤵
        
        PID:16060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
        9⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41105.exe
        8⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3442.exe
        8⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
        8⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19782.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19317.exe
        7⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7128.exe
        7⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
        7⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
        7⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
        6⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
        8⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43080.exe
        8⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        8⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
        7⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6168.exe
        7⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        7⤵
        
        PID:16892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
        7⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        6⤵
        
        PID:10904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        6⤵
        
        PID:13804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26167.exe
        6⤵
        
        PID:16684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
        6⤵
        
        PID:10728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56082.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        8⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55952.exe
        9⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        8⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        8⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        8⤵
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
        7⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        7⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21311.exe
        7⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        7⤵
        
        PID:16528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
        7⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61618.exe
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34632.exe
        7⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44299.exe
        8⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        8⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39315.exe
        8⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48252.exe
        8⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-457.exe
        8⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63951.exe
        7⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21845.exe
        7⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
        7⤵
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36089.exe
        6⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
        7⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25489.exe
        7⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
        7⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        7⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37727.exe
        6⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        6⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        6⤵
        
        PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13479.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe
        8⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        8⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        8⤵
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37170.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe
        7⤵
        
        PID:11780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55964.exe
        7⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
        7⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53259.exe
        7⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
        7⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43513.exe
        7⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
        7⤵
        
        PID:18208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        6⤵
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        6⤵
        
        PID:15020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59209.exe
        6⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        7⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        7⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        7⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        7⤵
        
        PID:16732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36009.exe
        7⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57401.exe
        6⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43744.exe
        6⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44491.exe
        6⤵
        
        PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36360.exe
        5⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe
        6⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23410.exe
        6⤵
        
        PID:12552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17656.exe
        6⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37170.exe
        6⤵
        
        PID:17760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        5⤵
        
        PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14871.exe
        5⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
        5⤵
        
        PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        5⤵
        
        PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39153.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56264.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32075.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7498.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        9⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54098.exe
        9⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        9⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22200.exe
        9⤵
        
        PID:17256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62098.exe
        8⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56889.exe
        8⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60665.exe
        8⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31231.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64752.exe
        8⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        8⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
        8⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20504.exe
        8⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27509.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
        7⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
        7⤵
        
        PID:16560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        7⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37393.exe
        6⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51467.exe
        8⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        9⤵
        
        PID:16364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
        9⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5937.exe
        8⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
        8⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
        8⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
        8⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
        7⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
        7⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
        7⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59180.exe
        7⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12440.exe
        7⤵
        
        PID:11604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8408.exe
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56456.exe
        7⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        7⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
        7⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        7⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
        6⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31816.exe
        6⤵
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        6⤵
        
        PID:376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
        6⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15777.exe
        6⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21038.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        7⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 640
        8⤵
        Program crash
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50969.exe
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5313.exe
        7⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
        7⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        7⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
        7⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60520.exe
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
        7⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        7⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        7⤵
        
        PID:16848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35958.exe
        6⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55935.exe
        6⤵
        
        PID:10964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        6⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
        6⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        5⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
        6⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        7⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8110.exe
        7⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
        7⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe
        7⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
        6⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49820.exe
        6⤵
        
        PID:14780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        5⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9770.exe
        6⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19048.exe
        6⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        6⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59392.exe
        6⤵
        
        PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        5⤵
        
        PID:9356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
        5⤵
        
        PID:12880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41042.exe
        5⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63484.exe
        5⤵
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3704.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        8⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        8⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        8⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13774.exe
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59039.exe
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
        7⤵
        
        PID:15260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        7⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
        6⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        7⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        7⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21240.exe
        7⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
        7⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe
        6⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58432.exe
        6⤵
        
        PID:13892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4587.exe
        6⤵
        
        PID:17124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        5⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40718.exe
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27851.exe
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9352.exe
        7⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34031.exe
        7⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        7⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        6⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
        6⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        6⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        5⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34949.exe
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63212.exe
        6⤵
        
        PID:16816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
        6⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45215.exe
        5⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        5⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        5⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
        5⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
        5⤵
        
        PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47266.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        6⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
        8⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
        7⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
        7⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        7⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        7⤵
        
        PID:10200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
        6⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
        6⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        6⤵
        
        PID:13432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31007.exe
        6⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
        6⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32910.exe
        5⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64840.exe
        6⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41105.exe
        6⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3442.exe
        6⤵
        
        PID:12332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
        6⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        6⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
        5⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64000.exe
        5⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        5⤵
        
        PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20888.exe
        5⤵
        
        PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48521.exe
      4⤵
      PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40718.exe
        5⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53259.exe
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55600.exe
        6⤵
        
        PID:14452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        6⤵
        
        PID:17944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
        5⤵
        
        PID:11876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
        5⤵
        
        PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9166.exe
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
        5⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
        5⤵
        
        PID:13664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe
        5⤵
        
        PID:17320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        5⤵
        
        PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
      4⤵
      PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34048.exe
      4⤵
      PID:10844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
      4⤵
      PID:14676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1992.exe
      4⤵
      PID:16992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 720
        6⤵
        Program crash
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        6⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29803.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        8⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23064.exe
        8⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28377.exe
        8⤵
        
        PID:14488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        8⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        8⤵
        
        PID:17820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22222.exe
        7⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        7⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1560.exe
        7⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21122.exe
        7⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        7⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19109.exe
        8⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        8⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
        7⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        7⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
        6⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
        7⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21311.exe
        6⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14472.exe
        6⤵
        
        PID:16612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        6⤵
        
        PID:17892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19032.exe
        5⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60651.exe
        6⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
        7⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
        7⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21845.exe
        7⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
        7⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33231.exe
        7⤵
        
        PID:10020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
        6⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23832.exe
        6⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
        6⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        6⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
        6⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47330.exe
        5⤵
        
        PID:6256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 720
        6⤵
        Program crash
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4261.exe
        5⤵
        
        PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        5⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        5⤵
        
        PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
        7⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32424.exe
        8⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        8⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3410.exe
        8⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46336.exe
        8⤵
        
        PID:17700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
        7⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
        7⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49820.exe
        7⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
        7⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        7⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52940.exe
        7⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30735.exe
        7⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
        7⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31861.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30690.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        6⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
        6⤵
        
        PID:17704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe
        6⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe
        7⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
        7⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24722.exe
        7⤵
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
        7⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31705.exe
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
        6⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe
        6⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57625.exe
        5⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
        6⤵
        
        PID:16588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        6⤵
        
        PID:18328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25247.exe
        5⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe
        5⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23976.exe
        5⤵
        
        PID:16220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31262.exe
        5⤵
        
        PID:17800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26773.exe
        5⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32424.exe
        6⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        6⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        6⤵
        
        PID:15880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe
        5⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32584.exe
        5⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
        5⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
        5⤵
        
        PID:17544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11745.exe
        5⤵
        
        PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43938.exe
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58379.exe
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24744.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18824.exe
        6⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        6⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34598.exe
        6⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        5⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        5⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1122.exe
        5⤵
        
        PID:17008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
        5⤵
        
        PID:10052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
      4⤵
      PID:7292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
      4⤵
      PID:9808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38261.exe
      4⤵
      PID:12452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
      4⤵
      PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47271.exe
      4⤵
      PID:6416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
      4⤵
      Executes dropped EXE
      PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14215.exe
        6⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
        6⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48051.exe
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        6⤵
        
        PID:16512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-457.exe
        6⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42777.exe
        5⤵
        
        PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        5⤵
        
        PID:10328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
        5⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
        5⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        5⤵
        
        PID:9260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2215.exe
        6⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4744.exe
        6⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12978.exe
        6⤵
        
        PID:16880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52355.exe
        6⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
        5⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        5⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
        5⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        5⤵
        
        PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49977.exe
      4⤵
      PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10.exe
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28875.exe
        5⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49408.exe
        5⤵
        
        PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
      4⤵
      PID:9432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
      4⤵
      PID:12888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
      4⤵
      PID:16096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
      4⤵
      PID:12264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7274.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
        5⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36200.exe
        6⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46562.exe
        7⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
        7⤵
        
        PID:15920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
        7⤵
        
        PID:17688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
        6⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
        6⤵
        
        PID:14824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
        6⤵
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
        6⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
        5⤵
        
        PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62079.exe
        5⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
        5⤵
        
        PID:14880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        5⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27230.exe
        5⤵
        
        PID:11572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
      4⤵
      PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        5⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
        6⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
        6⤵
        
        PID:16700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9401.exe
        6⤵
        
        PID:17424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        5⤵
        
        PID:14012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1122.exe
        5⤵
        
        PID:17028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        5⤵
        
        PID:10592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
      4⤵
      PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
      4⤵
      PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-642.exe
      4⤵
      PID:12536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
      4⤵
      PID:16156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3559.exe
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28395.exe
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45640.exe
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56524.exe
        6⤵
        
        PID:14340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34031.exe
        6⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        6⤵
        
        PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        5⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        5⤵
        
        PID:13960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1122.exe
        5⤵
        
        PID:17000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        5⤵
        
        PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24232.exe
      4⤵
      PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15183.exe
      4⤵
      PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
      4⤵
      PID:12596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49539.exe
      4⤵
      PID:15912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41778.exe
      4⤵
      PID:6964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
    3⤵
    PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
      4⤵
      PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
        5⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23759.exe
        5⤵
        
        PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        5⤵
        
        PID:8628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
      4⤵
      PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
      4⤵
      PID:14240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
      4⤵
      PID:17184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
      4⤵
      PID:9220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27032.exe
    3⤵
    PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe
      4⤵
      PID:13036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45036.exe
      4⤵
      PID:16236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11830.exe
      4⤵
      PID:11700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31040.exe
    3⤵
    PID:10140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
    3⤵
    PID:13144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
    3⤵
    PID:16120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
    3⤵
    PID:4388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19217.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19217.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24235.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
        5⤵
        Executes dropped EXE
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        6⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
        8⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19659.exe
        8⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        7⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        7⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
        7⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58607.exe
        6⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39487.exe
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
        6⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
        6⤵
        
        PID:16720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        6⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
        7⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        7⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1458.exe
        7⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18075.exe
        7⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
        7⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55023.exe
        6⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49526.exe
        6⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        6⤵
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
        6⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37071.exe
        6⤵
        
        PID:10880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10366.exe
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61163.exe
        6⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55244.exe
        6⤵
        
        PID:12488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
        6⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        6⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        5⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
        5⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39658.exe
        5⤵
        
        PID:11136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        5⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34632.exe
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        7⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        7⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        7⤵
        
        PID:17404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30560.exe
        7⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        6⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        6⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        6⤵
        
        PID:17616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8556.exe
        6⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        6⤵
        
        PID:11856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50291.exe
        6⤵
        
        PID:14392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        6⤵
        
        PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        5⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17736.exe
        5⤵
        
        PID:16032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        5⤵
        
        PID:17884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34632.exe
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3207.exe
        6⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37811.exe
        6⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35075.exe
        6⤵
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8593.exe
        5⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        5⤵
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54428.exe
        5⤵
        
        PID:14512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
        5⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6127.exe
        5⤵
        
        PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56456.exe
        5⤵
        
        PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        5⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
        5⤵
        
        PID:16084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        5⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exe
        5⤵
        
        PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45582.exe
      4⤵
      PID:8948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
      4⤵
      PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18810.exe
      4⤵
      PID:15420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
      4⤵
      PID:17764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65296.exe
      4⤵
      PID:11148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33867.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12100.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31374.exe
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20504.exe
        7⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23192.exe
        7⤵
        
        PID:12308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42969.exe
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19711.exe
        6⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30155.exe
        6⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38076.exe
        6⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56818.exe
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        7⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        7⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54816.exe
        7⤵
        
        PID:17812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        7⤵
        
        PID:11748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
        6⤵
        
        PID:10480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        6⤵
        
        PID:14320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61001.exe
        6⤵
        
        PID:17360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21848.exe
        6⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41808.exe
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36488.exe
        6⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62371.exe
        6⤵
        
        PID:17740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        5⤵
        
        PID:12500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe
        5⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
        5⤵
        
        PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14206.exe
        5⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
        5⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38194.exe
        5⤵
        
        PID:13900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
        5⤵
        
        PID:16872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59559.exe
        5⤵
        
        PID:11404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38073.exe
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59048.exe
        5⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        6⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        6⤵
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40883.exe
        6⤵
        
        PID:15492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
        5⤵
        
        PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        5⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
        5⤵
        
        PID:15464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50727.exe
        5⤵
        
        PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
      4⤵
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56741.exe
        5⤵
        
        PID:16464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39023.exe
        5⤵
        
        PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63753.exe
      4⤵
      PID:8692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
      4⤵
      PID:12476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9521.exe
      4⤵
      PID:15904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
      4⤵
      PID:7360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52075.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18792.exe
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
        7⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15823.exe
        7⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
        7⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        6⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        6⤵
        
        PID:14480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        6⤵
        
        PID:17624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24015.exe
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe
        6⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        6⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17656.exe
        6⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5190.exe
        6⤵
        
        PID:17720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
        5⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30690.exe
        5⤵
        
        PID:12100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        5⤵
        
        PID:15252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
        5⤵
        
        PID:17808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
      4⤵
      PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49490.exe
        5⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
        5⤵
        
        PID:13576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe
        5⤵
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
        5⤵
        
        PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40169.exe
      4⤵
      PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4497.exe
      4⤵
      PID:10540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52530.exe
      4⤵
      PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10231.exe
      4⤵
      PID:16956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe
        6⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52809.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61523.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25376.exe
        6⤵
        
        PID:17640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51858.exe
        5⤵
        
        PID:9400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64464.exe
        5⤵
        
        PID:12920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
        5⤵
        
        PID:16204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        5⤵
        
        PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37745.exe
      4⤵
      PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        5⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        5⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        5⤵
        
        PID:7900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
      4⤵
      PID:9792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46204.exe
      4⤵
      PID:12404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
      4⤵
      PID:15572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
      4⤵
      PID:17960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52486.exe
    3⤵
    PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42408.exe
      4⤵
      PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8053.exe
      4⤵
      PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45436.exe
      4⤵
      PID:13496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
      4⤵
      PID:16504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
      4⤵
      PID:6752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
    3⤵
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
      4⤵
      PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14991.exe
      4⤵
      PID:8460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
    3⤵
    PID:9684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
    3⤵
    PID:13212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
    3⤵
    PID:15532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37071.exe
    3⤵
    PID:4788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63254.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63254.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9159.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        5⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        7⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30382.exe
        7⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37203.exe
        7⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10680.exe
        7⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32937.exe
        7⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        6⤵
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        6⤵
        
        PID:15228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        6⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33231.exe
        6⤵
        
        PID:17736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        5⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        6⤵
        
        PID:15956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        6⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13685.exe
        5⤵
        
        PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        5⤵
        
        PID:11816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
        5⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
        5⤵
        
        PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
        5⤵
        
        PID:10024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42681.exe
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1578.exe
        6⤵
        
        PID:9664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        6⤵
        
        PID:13200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15823.exe
        6⤵
        
        PID:15548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        6⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58863.exe
        5⤵
        
        PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        5⤵
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54428.exe
        5⤵
        
        PID:14352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
        5⤵
        
        PID:17516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
        5⤵
        
        PID:11340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45003.exe
        5⤵
        
        PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        5⤵
        
        PID:11268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11268 -s 408
        6⤵
        Program crash
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe
        5⤵
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22200.exe
        5⤵
        
        PID:17348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-457.exe
        5⤵
        
        PID:10792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11848.exe
      4⤵
      PID:8920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26926.exe
      4⤵
      PID:11388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3444.exe
      4⤵
      PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
      4⤵
      PID:8328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25064.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
        5⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        7⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        7⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        7⤵
        
        PID:16716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
        6⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59039.exe
        6⤵
        
        PID:11732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
        6⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        6⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
        6⤵
        
        PID:17696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        6⤵
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
        6⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37145.exe
        5⤵
        
        PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        5⤵
        
        PID:13780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
        5⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
        5⤵
        
        PID:18128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52217.exe
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51467.exe
        5⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
        6⤵
        
        PID:14148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
        6⤵
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
        6⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
        5⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6168.exe
        5⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        5⤵
        
        PID:1352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
      4⤵
      PID:8032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65033.exe
      4⤵
      PID:11036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
      4⤵
      PID:13768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47698.exe
      4⤵
      PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64895.exe
      4⤵
      PID:11772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38443.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        6⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        6⤵
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60736.exe
        6⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37145.exe
        5⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
        5⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
        5⤵
        
        PID:16180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        5⤵
        
        PID:18248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38705.exe
      4⤵
      PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
      4⤵
      PID:9328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
      4⤵
      PID:12872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
      4⤵
      PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
      4⤵
      PID:18136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
      4⤵
      PID:9824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
    3⤵
    PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe
      4⤵
      PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
      4⤵
      PID:10220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
      4⤵
      PID:13916
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13916 -s 464
        5⤵
        Program crash
        
        PID:14580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4671.exe
      4⤵
      PID:16340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52601.exe
      4⤵
      PID:9712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24965.exe
    3⤵
    PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
      4⤵
      PID:11692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe
      4⤵
      PID:15204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe
      4⤵
      PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26912.exe
      4⤵
      PID:8512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
    3⤵
    PID:9288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe
    3⤵
    PID:13160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
    3⤵
    PID:16080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
    3⤵
    PID:6100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57218.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57218.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43435.exe
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
        6⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29009.exe
        7⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8175.exe
        7⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        7⤵
        
        PID:16864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20337.exe
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32559.exe
        6⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17656.exe
        6⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21903.exe
        6⤵
        
        PID:17604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        5⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42373.exe
        6⤵
        
        PID:14596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe
        6⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        6⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19381.exe
        5⤵
        
        PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        5⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55971.exe
        5⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
        5⤵
        
        PID:17764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
      4⤵
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        6⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33807.exe
        6⤵
        
        PID:16564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
        6⤵
        
        PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
        5⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        5⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
        5⤵
        
        PID:17200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51257.exe
        5⤵
        
        PID:17940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19768.exe
      4⤵
      PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5921.exe
      4⤵
      PID:9384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28415.exe
      4⤵
      PID:12840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41739.exe
      4⤵
      PID:16124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
        6⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
        6⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37145.exe
        5⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        5⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
        5⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2523.exe
        5⤵
        
        PID:17652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58607.exe
      4⤵
      PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13834.exe
        5⤵
        
        PID:11880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
        5⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        5⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        5⤵
        
        PID:17596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
      4⤵
      PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
      4⤵
      PID:12636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
      4⤵
      PID:15976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60406.exe
      4⤵
      PID:17848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
    3⤵
    PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28395.exe
      4⤵
      PID:6160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
      4⤵
      PID:9676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
      4⤵
      PID:14044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51200.exe
      4⤵
      PID:17040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
      4⤵
      PID:9876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33631.exe
    3⤵
    PID:7844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32652.exe
      4⤵
      PID:6372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50505.exe
    3⤵
    PID:9268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47339.exe
    3⤵
    PID:12936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
    3⤵
    PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
    3⤵
    PID:6936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58120.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe
        6⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17656.exe
        6⤵
        
        PID:15844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        6⤵
        
        PID:17776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8593.exe
        5⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        5⤵
        
        PID:10784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54428.exe
        5⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
        5⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        5⤵
        
        PID:17624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
      4⤵
      PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        5⤵
        
        PID:11268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
        5⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        5⤵
        
        PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
      4⤵
      PID:9964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
      4⤵
      PID:13000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
      4⤵
      PID:15964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-987.exe
      4⤵
      PID:7832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
    3⤵
    PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
      4⤵
      PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
        5⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8110.exe
        5⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
        5⤵
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        5⤵
        
        PID:6584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
      4⤵
      PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
      4⤵
      PID:14284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
      4⤵
      PID:17216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36348.exe
      4⤵
      PID:10340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
    3⤵
    PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55770.exe
      4⤵
      PID:8552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33701.exe
    3⤵
    PID:9840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
    3⤵
    PID:13972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1652.exe
    3⤵
    PID:17020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15633.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15633.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19595.exe
    3⤵
    PID:5576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
      4⤵
      PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20552.exe
        5⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28760.exe
        5⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
        5⤵
        
        PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
      4⤵
      PID:10472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
      4⤵
      PID:14248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
      4⤵
      PID:17208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
    3⤵
    PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
      4⤵
      PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9401.exe
      4⤵
      PID:17432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
    3⤵
    PID:9468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
    3⤵
    PID:12864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
    3⤵
    PID:16264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21848.exe
    3⤵
    PID:9780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53592.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53592.exe
  2⤵
  PID:5824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
    3⤵
    PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
      4⤵
      PID:13788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
      4⤵
      PID:16908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
      4⤵
      PID:16812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
    3⤵
    PID:9800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
    3⤵
    PID:12380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60508.exe
    3⤵
    PID:16228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
    3⤵
    PID:5384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29053.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29053.exe
  2⤵
  PID:8024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
    3⤵
    PID:10740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34315.exe
    3⤵
    PID:13472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46320.exe
    3⤵
    PID:16408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
    3⤵
    PID:10936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43686.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43686.exe
  2⤵
  PID:9752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
  2⤵
  PID:13444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
  2⤵
  PID:16544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4940 -ip 4940
1⤵
PID:364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5256 -ip 5256
1⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 5672 -ip 5672
1⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6256 -ip 6256
1⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 11268 -ip 11268
1⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 13916 -ip 13916
1⤵
PID:14416

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5640

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:8672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10695.exe

Filesize
184KB

MD5
c77fad36406e3b3343633609cd74676a

SHA1
9cab2f53dd6a8dea59f132cf0ee3311919cd46b0

SHA256
7e8c33fc4f87a935efdd87db5ffeba2eb0348ac4dd24da064a0c680baad17626

SHA512
036c82118d2d82356030092b773f086ae709538d4a37d3a567afe1e976c9b7aba1207f1d5e9951d669e7d5b6a00d214f616375dd7576115a9c994b9cb873ebd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe

Filesize
184KB

MD5
fcd938c34ce17842dbc6bca6ff6c0c06

SHA1
d0408cf5b3898066c363d84a937ec22401fdecbf

SHA256
b0d328577fcddb0e0c23e8c2a82452efb7c9d2e5896db2f30343d298543be6be

SHA512
08e90702666edd379d6b7c2da3323cdf1c0b3bdd794f8fea06f8d10a9e0f53a6b15b315422a2b1357911bbbd1c4ae8c36b4f07bf454af018ad05f88290914e1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe

Filesize
184KB

MD5
56f1ed50fb940cf86144a8595385c5ad

SHA1
6300846f980b6b939f17abd1d3fc34d2c79284c4

SHA256
6a5274b533b4bfce715e527557589ef2b440466a965f60b41523f98503da1053

SHA512
984f027b9651fb1320ddfe5c960c56a707e2477204677725614c2a7e3425f5dc04f6203b05835edd299fd6a18b2d7b463d796fd05c62a78545f5d1c18001adb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe

Filesize
184KB

MD5
6ec7ab3130bf44a1f611cb4045f45fe8

SHA1
711a4c1c2fe3d7dc711ad0e9de73a7482b56005f

SHA256
880706efec0a2e06093cb754698b4a575f7d778886dfd45a79348aa0efc1914c

SHA512
a6a9c8a6dde0a2b5c869b342929ff2050b426cd91c4e2f3681b8aa9b2c46abcc5ecb29519e2fe301423dd095c4d6009cd0ed9e6cbcbdc37f477d7a3badb0fd76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14991.exe

Filesize
184KB

MD5
7582b79d7f3aa24e5ea540d26fc9bb47

SHA1
a7f8bceab25a09a3ad45e04493a38e507e61e393

SHA256
ca44f1c3ce7a7a47e15cf97d36b8f80ce8476107e601750bb3b740472a4598a6

SHA512
f8daf5902d8fbb8c248c2129cdaf319e7afd6c78c2422dfff26bd5321fb3e546fe4fe13537dea734f3ad43470d5faca739d4912db0796b8dd44b564daf4d0187

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe

Filesize
184KB

MD5
e4448a4cfe40fc538d027a8a987cd627

SHA1
03e3d93b5fe035ed850d2756ed81a262f300d7a0

SHA256
a83feec8464daf286b42891e7cb3e307c1bee9c0806d5aaca98f5aba167c1c93

SHA512
a84c3c60a9222795001819bfc7260c4022f32971ff1c9bd7da24596cb0cfbe7fd9c8d532ceb26a612ab4d1e3c0579de6c0abcc56822718aff3879d545b0f8a80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe

Filesize
184KB

MD5
e91b2c2f01a449e6a756d4efbf22ca10

SHA1
af77dee2e53cf47cbd3e9f271cfd1be3361035c9

SHA256
da6deda890890500edcd327d01a1271b12c9be711faf6fb3652aaca42bdea2cc

SHA512
9dea5c55664e228755a91f21e213adb1d88dd211601976e8a3e0c11699c938f342a0e12ba560f87b39614b9bca20aa48dc707cdb8ea037507cfe24891dcdbb65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe

Filesize
184KB

MD5
500e2d8b8b72043cc5535935f3b2d3e1

SHA1
261209dde90f726b01bfc6be5e11721a6e4ab6f5

SHA256
0dd56f5991c720f0c07d983eca515cc5d3dfd1a5f39dd16759e5d946ce393b16

SHA512
8b3e0ae4d712f222c775ff5cfa6c07d6dc2859b5e7089e5590e54943ab5cb8851af55d48fcdd38b08f7135af5588ff586026691e5318f9a6aab507f23305e2e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe

Filesize
184KB

MD5
5982500bfe7ddf2de289689201a4ddfc

SHA1
7e5ef74f08734aba5356d9e19515623456a9599e

SHA256
1581b8c8de8a822e203fc3b1d69c9db710c7ae3dd23985cdd24cacff59584e2a

SHA512
6e3d3e9935189d072f95b90450c3a6ce8c136818ddcc47b7e6c6e7e4e7f10f16e4fdde6ff93f48945387085d6c64d7fb1e4abd8c5f12b1c002c8283d9794b58a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe

Filesize
184KB

MD5
59859b87900a38d6658e43b352768707

SHA1
d3a363a998bcbd2488db7d015bfbe2f313cd6dfb

SHA256
d73bb5ab792a51912ffa1d03669964f7271e84b6738ac12e4618e13177da3e7c

SHA512
d1c1bbbb8d3f16c3786872e10a754a238e229693ac699b1d209f82521ae8cd210ac72e0d925a14d264606ab678d0362cefe753303cd9a55b692c9dc2eda3474a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19217.exe

Filesize
184KB

MD5
fdf2c207cf71cb6267bc44de111b8c7e

SHA1
9416d0c21929395c1b667cf9a25f70129f9aa3fa

SHA256
3a46755ffa5496b681e0c5c4fac896c6acbc60fc97b0f423836efdf5be08d716

SHA512
86e6ade53a752a08ef4780ad85022bf2dbbb94f9ce876fea428bf4777d175d29c3c5a8d10c58f35e192dc5e314ab51345a81ca2c25d8debe247d5c1729c7600c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24235.exe

Filesize
184KB

MD5
10a5c1354675bd998af8ca213ad38588

SHA1
16f2c7eb6fed028890a0135c0609ad95032be3d1

SHA256
060cdbef71e5613f8e5c71f3ce62fbdc50ab7f28f22fea3688adb9794d642149

SHA512
b440c73ed29222ce13bc3376f65a6d6844228dc6ce26a4e1d1bc5c47ca35f7614ee0d2b3fc1dc99e3b6f9fe160a9cfbe9896964df36834d245715caf21de6235

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe

Filesize
184KB

MD5
5a2ef3200a58c7d061806a50d08b650e

SHA1
7bf9698273accad76c1836d91904f9d8fea0a099

SHA256
d2addcfe2c876cd383d352333d5b08cbf1967e3364be5488c1fc73d297d50f15

SHA512
f650773b6b6e5d74731ce3544542978aa5369a5e05c71867addaed6c6f28d70cb0b4933a844f20e528fb2cba57470e6c755a509294782a3779ed1bc67c9a02af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe

Filesize
184KB

MD5
3d6609f98af8634f850032137ff9d6ba

SHA1
c48ce8dcd7a22ed25be4027062f444049c2f2f32

SHA256
f5b042703db3d41d60009a0af8e91bbf07a96ab651e0315a065824b80a9efaad

SHA512
adec31cf2ac24749288dbf3cddb9b28d609da878a3792207586f9f6221fa7b311b46c637e02ed3df9df8a3bdb1ac3f348503031ec4600281033d2f17e44b8813

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe

Filesize
184KB

MD5
c3178e540aa4ed1be2c3fb7909388658

SHA1
892d56f40d126ac73772b9939260a566351fbf84

SHA256
a9bf3f76d4b0e33d3129a6ae43f65a6de0242af08431d69dd6b157a3a114f418

SHA512
c10ac4a2c521b2ed840e2180c6b089d7eacb60d00765d2fac2855d8afd433766925357e1fa3551bbc466b759132159c8c22556d02d86dea0b61a2eb416f44ba7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe

Filesize
184KB

MD5
c02c7f94dc05fac7cc83ad895a358322

SHA1
b0a919dc6e83581e3c76b9339465693675b42311

SHA256
4c3f00540c6819435a1762057210ee747196f86be8626aea5294cf95b18955d0

SHA512
177ffab87d8510087b4c379010ad81ec3c29f2196c5dcb032612c58585d2d10f242520346d3f9a75a6c7c70db40373cc51d25baea42d194ab6347dc86f5f1159

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33867.exe

Filesize
184KB

MD5
4e25c4365dca5e89b70748f46deab917

SHA1
8a787da3af42efa7ee875e971134cd6db7058f0e

SHA256
4af8ad27f7e29980c48a430c5e5a7ac423530a33dc85551f01450514337fdd2d

SHA512
73d4091a9546c9c46a3b277eb1e7246527eda167f13ea495bcb0850a36911ecb843822a0c91ec5815bbc1335f2d6a93dcb98f050a90203876d68abb93ff13978

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe

Filesize
184KB

MD5
18f8dab44c18867ce1e08f876cafb5b6

SHA1
0f86a05f869df786dcb46c278503b3ab3e8f7c43

SHA256
7dd1e38319d234633914566abc651e05a7fbc6dbd9ab36d4c05754dca61bc6e9

SHA512
13c17c008e95c81d7c514162e04f9bd09209bf460fdd195fb05d242723b81f7de0e527b4ce3d91eebf90706e67b17efbb47d94338c3f3ab75b04268741441730

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3704.exe

Filesize
184KB

MD5
6b40838ee292496d2174ad3936be2989

SHA1
917d5b8d1232da1006774a64c85336aab303f252

SHA256
dac35db7336e4ed1d0cd2c360cc549d90aa5c926d9e80be4966103482954bd6d

SHA512
7046e095aff33ec8e59c8a16244d6729dedb7635cc0485603fe4aa4b5f938f071dcb1b43585756f54e15f2a835b3e2f5b5812119c84db6c66e6807cf2961fccb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39153.exe

Filesize
184KB

MD5
ea6b914da7e0644a32a393fb70610e47

SHA1
96aed5ee989cc4cb54fd09de396c212953381bf3

SHA256
43471c9bbf1350abb6ea54092b0b8dbc3884ed3a4fc46f32889f144600a71430

SHA512
ecc7affee98e6f7e9c3304c4ac4cd78057cca49fcc751e487993ad0f684de40bbf88e5894207a835d511512275660607abc20842323f84c8d18f353c5b9c3061

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe

Filesize
184KB

MD5
5b1aaf69c30171b575307bc13cd417cb

SHA1
8373f92006c5e1e25f0ba44236466024dc31f0b8

SHA256
2adb162a338edc2658104e890c3feac07d9b2b19ff7d172dc5a1a1f821a8f6a2

SHA512
68928a6dd6d262bf62e66d94b09a63a8aa87c2b6d70180019c1aaec69f097a6a549024178c3e82a21e0c5524801047c61c99922034b93525c3acbdb84c01f705

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48338.exe

Filesize
184KB

MD5
5a8ab1e99d7de016ab4069dd88b3b6ec

SHA1
71339401ae34f3b38daff970a4a20176bc4eda45

SHA256
0dfc8807c39c0f77e4fde937fe5c030d3d1fc6351487e6f961cba8234be3e1dd

SHA512
160bf5494d3ea82f5b5e94549594bdbae9ebffca3db9ddf8370b05522d43f6ac4547034d476ea06bfc35073a8de255ae501449225a839752bbaa283c5dece8af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe

Filesize
184KB

MD5
a8192267edef265ec1d4dcd7e03ef33b

SHA1
569fbc0a4ff2732d205125f5f1f22ca17745becb

SHA256
04eb2142d7e80603d88b8774f74373d7ebddd307a068d1c4a1b04471cb4b7fc2

SHA512
5d3f1557dc95c6475acbcfc66b3f9d6b566dfa06f0bb26b0431f633554b2a9468cf803644c2c4996c4219ef6354be570b682bbcaf29fb6929bc01cb166bd2180

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52075.exe

Filesize
184KB

MD5
797a34fdd33bbe97e2afeace1442270b

SHA1
6abb4f111c33ec1c771978c00fa89bfb6459f876

SHA256
57389a77ad67ef83162d46143df2e3da389512ceff9c5c07973e99c07ad557b2

SHA512
db1299d525ffc3ab75ff1301b7b92026ed30cd1815df44d199ad59508eacd3df529140e839f3b3a817468b42206c05dc850571a3df43ef2e0b6508df862ddacf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53387.exe

Filesize
184KB

MD5
78a05c38abaee1f5461c4383e57b0f12

SHA1
19aa39008464b249466f015f416ac7b51c682fc5

SHA256
09f2fef9b43a3c60e2a94250e760eef722ef183b0401a4982b865cd45fc38391

SHA512
814277a6cb0c5792903455a725288adfa5a8970c367cccfc44556c2e5ea1867a83244ce9b17d8e7b8007b045ce387b9f92521c9a44b9de777b16da94a3f19f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe

Filesize
184KB

MD5
9ab2c1650d6f2c905574d449ee41ddaa

SHA1
ab2c18fcb32ae70ee8a105c654fb5f96141f8947

SHA256
a628b2000be9784c32ca5715ea92496c4ca6d4553c621552ce7aed129fdddf44

SHA512
2f643e7e2ecf2df9cabfc83c13dfb9990ad6af8f9163a58093b77ec965d1cf3ddb0a17e22bab63d7bf33a9a8bf5721de8014d37b3dfd358cd7da499dc964a0d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56082.exe

Filesize
184KB

MD5
02231b9ad57798fecc29e4a63aeb5155

SHA1
b20f0ba6649bd0806c4054637aaa499ac1c99410

SHA256
c821eb5b1378166952cb87a08d043d5910d35c7cf58bb187b5e045539593c2cf

SHA512
4477fe0a5e23b9769a1271254d381a5199b4d56f90e92d84b691d7420e7c3d0e2e4210a089a8516a76711e2c2311b0e84e1987982096d1e756246fba3ec7fdbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe

Filesize
184KB

MD5
85eb7c133bf511ee77e63893ff651275

SHA1
b52dcff422759592f784064f6e03ddbfe16d2329

SHA256
4a37d952df5f9683cad05b204541b2787d358632ce51cc7125d128cd9b556ffc

SHA512
2c5862d0c743661506c31a7bd3ab275ba560c1972bac2e37e2081bd9223a816635a118ea90ec545c184cc89907f2f597d2ab4518d652bbcbd99b06c1decb9b78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56264.exe

Filesize
184KB

MD5
e8f37c100c7df71bd2f042bf9f25fdae

SHA1
0dcdac70b14e28a0b9ab15dcdfcc183886eacdec

SHA256
0939a0f918bfd9e5f370f5fcd78ebe8d3c65b85d4a7af9306c4573e7bb74a56f

SHA512
862feef941aac1f6678aca01b49f2d18c6f8f7b7a12197a8756226db75f4dfe6a5786c289a5b5ac3f7109adde2e13a49967ff34d5dad67ac185fbefd2427d35e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe

Filesize
184KB

MD5
3c0a75acc5cb117c0ce522197e14d6eb

SHA1
0de835a49aecdcd116a30253ef15bd130f4d1063

SHA256
6d1b54d308382e4f42bf4363cb722a5f1b0b20242c86927c5448bd57cfc48450

SHA512
e31db70983c5a4eaac6da68cbd0a1234fbfa69aeeb86394207656c0fb2e1f8b9a90a2c9b59697fd791f8b70a0592ed94c564176722e1532e599e107877004d9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57218.exe

Filesize
184KB

MD5
afe1dab5e127cf576ba177550baf2e2f

SHA1
27f6c718aa58f4903bd1adaeabb5482e6c38edd8

SHA256
239d2f9cf55209ce27c56cec0c45bfd9c01c0f0c76ec36755176aed1f4ecedc9

SHA512
5462bf2dac438d9fe4d35f4f8c96108aa9be97cedef1fdf46d897ade7d770ba851afb96f9ff426ba21d1c4bbcde135aad36897135675115764c3f0b24af014cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63254.exe

Filesize
184KB

MD5
d89561cec11b747f04b60a7d8caee1d6

SHA1
7dd6f82fad755c027fd6d7c2ad4ffb3d0e38b1d5

SHA256
7e0063883d881add8c4121b8698cd3281c4b3a8c8b91b1e24fed6d2093a689ab

SHA512
f4f937619fe8692e2f664160775ee4cd40d4808bd84dc1452a0e9ff58c41dfe09b6e35abe180c951543fa3c1b7b1be8949e56fb80a689dcb11f9d57d8d098622

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe

Filesize
184KB

MD5
e9b85b4373ca61ba2f65e49e6a9b5d91

SHA1
4223c11e67ff2ea2700f2721ded753592265d8be

SHA256
eeed6ad5f1a265ec149a020b3fb166987e147c9f1a45d1cf69a2e7862b440156

SHA512
d14562dee13c8b613a0177bec93ec33d686f2382704f3bcc8a309178c6d8f72b4ef0febbaa4aa7df54a7469cd3a2e8b36dcde55a668f40502efcd2cf9d637b3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe

Filesize
184KB

MD5
0e28cc7ac1038bd2bbcd442d1d214cdb

SHA1
e12ab37d3facec31a7a7c91a06f5496585ec89dd

SHA256
e1705abbce2b03ff84d7e7a84bb93bec09989f0415a8322226d663077b0623b8

SHA512
f9851ca2c7793524865c82ae103a088dd3ff973e5d9589ea80b3e1079e6892b6c254cd135577253ca2226ede467c657924c107e387c75aaf17db6019362e17ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe

Filesize
184KB

MD5
0d7ebe39591b34cb211f304b69962bf0

SHA1
31bb9af4aa08a0b94e85245bc9415858def98054

SHA256
39f7b0700d08c16f5fc759b931116ff0a3fc066de7580207978b10150dbae1a6

SHA512
e262cd0f1a8b10144c3bc4d2a43a8e3f05ed83a2f5e20f538547d3f15763fdcf3f75d15c7b1e80b8d01e951718b34c9bdb30a6857bec2875867b313a142e3847

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9159.exe

Filesize
184KB

MD5
4469ff356d95b7868a61cc0f69dad8f7

SHA1
556263eec335ddfef18eb2d469ac61402ea4384c

SHA256
241e7633ee128146ac148d0968c9896f2bb8a03cd12c8dae307e4cde7021a12b

SHA512
b8419578c47ec03322f555e68bb3011887a15949fc97d5265eea3d833b05194af2fd41d30acdb01b170ae60d00ac738b23bffba40e7f7541755a434ccfb0db48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9352.exe

Filesize
184KB

MD5
0c00a575fa7bfd21919565cd2113fabb

SHA1
987b63b0d2d2d73c1857023adedf51c77100bd71

SHA256
59fe43b843d1446bba3f45554bc6d9d5444075612bd906d59df232a61d2e9533

SHA512
10247f87e8d2bfe21ca997218ea69be85633fc12ba77168fc9b9888e081adef83d0aa7dff24a42e0da46b9b331773b7e0d58522f48462c0cfda9c87a416d7706

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads