1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 19:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8.exe
Size

468KB
MD5

b38975e75487611cda6040c24357dd7f
SHA1

5f962f23634814de4939778504984bf0e16533a7
SHA256

1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8
SHA512

606a0d1a55bba000de683aca2c03d2bb7175451c5e68efa048a02391cd692c8ae492a54cdc31bce71c93a350c1343892639069c8a7e302674d3aab9f1a4e0151
SSDEEP

3072:IhTHogIdI05UtbYJHzcjOfG/rChCPIpCnLHegVP7bP3LC7oF3hlY:Ih7ow8UtOH4jOfg0T4bP70oF3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4372	Unicorn-12588.exe
5984	Unicorn-30077.exe
4704	Unicorn-30631.exe
4092	Unicorn-59817.exe
6132	Unicorn-44036.exe
5172	Unicorn-53595.exe
396	Unicorn-47465.exe
4504	Unicorn-4176.exe
3288	Unicorn-8260.exe
4500	Unicorn-6869.exe
4008	Unicorn-55415.exe
4544	Unicorn-92.exe
5616	Unicorn-51239.exe
4900	Unicorn-647.exe
4212	Unicorn-24332.exe
3736	Unicorn-40103.exe
2116	Unicorn-24321.exe
640	Unicorn-15406.exe
1320	Unicorn-39911.exe
5024	Unicorn-43995.exe
3184	Unicorn-36381.exe
3240	Unicorn-55982.exe
2208	Unicorn-50117.exe
1848	Unicorn-60331.exe
236	Unicorn-21437.exe
2000	Unicorn-1571.exe
4684	Unicorn-26843.exe
1496	Unicorn-34457.exe
5432	Unicorn-15220.exe
3012	Unicorn-18020.exe
5552	Unicorn-222.exe
4724	Unicorn-39117.exe
2128	Unicorn-19251.exe
912	Unicorn-53407.exe
1956	Unicorn-26673.exe
4612	Unicorn-10891.exe
5212	Unicorn-35609.exe
3260	Unicorn-15743.exe
4888	Unicorn-37555.exe
4572	Unicorn-38109.exe
4360	Unicorn-23719.exe
1868	Unicorn-4690.exe
3296	Unicorn-16677.exe
5104	Unicorn-44161.exe
3468	Unicorn-13434.exe
5660	Unicorn-35993.exe
5388	Unicorn-35993.exe
1548	Unicorn-20211.exe
1120	Unicorn-63190.exe
2964	Unicorn-17519.exe
4288	Unicorn-56413.exe
4648	Unicorn-11031.exe
1704	Unicorn-39977.exe
5720	Unicorn-17519.exe
4532	Unicorn-12473.exe
5308	Unicorn-37176.exe
3016	Unicorn-31808.exe
3512	Unicorn-18073.exe
1408	Unicorn-3320.exe
5424	Unicorn-7959.exe
4376	Unicorn-54467.exe
4860	Unicorn-3988.exe
4592	Unicorn-1950.exe
4804	Unicorn-40845.exe

Program crash 11 IoCs

pid	pid_target	Process	procid_target
5556	1120	WerFault.exe	139
9316	7092	WerFault.exe	302
10292	7004	WerFault.exe	301
10300	6928	WerFault.exe	330
9384	6960	WerFault.exe	303
11188	6952	WerFault.exe	304
12144	6988	WerFault.exe	300
8944	7412	WerFault.exe	329
16820	14388	WerFault.exe	726
7048	17960	Process not Found	974
4452	18964	Process not Found	1055

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
17100	svchost.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	18460	dwm.exe
Token: SeChangeNotifyPrivilege	18460	dwm.exe
Token: 33	18460	dwm.exe
Token: SeIncBasePriorityPrivilege	18460	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4280	1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8.exe
4372	Unicorn-12588.exe
5984	Unicorn-30077.exe
4704	Unicorn-30631.exe
4092	Unicorn-59817.exe
6132	Unicorn-44036.exe
5172	Unicorn-53595.exe
396	Unicorn-47465.exe
4504	Unicorn-4176.exe
3288	Unicorn-8260.exe
4500	Unicorn-6869.exe
5616	Unicorn-51239.exe
4008	Unicorn-55415.exe
4544	Unicorn-92.exe
4212	Unicorn-24332.exe
4900	Unicorn-647.exe
3736	Unicorn-40103.exe
2116	Unicorn-24321.exe
640	Unicorn-15406.exe
1320	Unicorn-39911.exe
5024	Unicorn-43995.exe
3184	Unicorn-36381.exe
3240	Unicorn-55982.exe
3012	Unicorn-18020.exe
5432	Unicorn-15220.exe
2000	Unicorn-1571.exe
1848	Unicorn-60331.exe
2208	Unicorn-50117.exe
4684	Unicorn-26843.exe
236	Unicorn-21437.exe
1496	Unicorn-34457.exe
5552	Unicorn-222.exe
2128	Unicorn-19251.exe
4724	Unicorn-39117.exe
912	Unicorn-53407.exe
1956	Unicorn-26673.exe
4612	Unicorn-10891.exe
5212	Unicorn-35609.exe
3260	Unicorn-15743.exe
4888	Unicorn-37555.exe
4572	Unicorn-38109.exe
4360	Unicorn-23719.exe
1868	Unicorn-4690.exe
3296	Unicorn-16677.exe
5104	Unicorn-44161.exe
3468	Unicorn-13434.exe
5388	Unicorn-35993.exe
5660	Unicorn-35993.exe
1548	Unicorn-20211.exe
1120	Unicorn-63190.exe
2964	Unicorn-17519.exe
4288	Unicorn-56413.exe
4648	Unicorn-11031.exe
5720	Unicorn-17519.exe
1704	Unicorn-39977.exe
4532	Unicorn-12473.exe
3016	Unicorn-31808.exe
5308	Unicorn-37176.exe
3512	Unicorn-18073.exe
1408	Unicorn-3320.exe
5424	Unicorn-7959.exe
4376	Unicorn-54467.exe
4860	Unicorn-3988.exe
4592	Unicorn-1950.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4280 wrote to memory of 4372	4280	1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8.exe	84
PID 4280 wrote to memory of 4372	4280	1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8.exe	84
PID 4280 wrote to memory of 4372	4280	1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8.exe	84
PID 4372 wrote to memory of 5984	4372	Unicorn-12588.exe	87
PID 4372 wrote to memory of 5984	4372	Unicorn-12588.exe	87
PID 4372 wrote to memory of 5984	4372	Unicorn-12588.exe	87
PID 4280 wrote to memory of 4704	4280	1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8.exe	88
PID 4280 wrote to memory of 4704	4280	1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8.exe	88
PID 4280 wrote to memory of 4704	4280	1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8.exe	88
PID 5984 wrote to memory of 4092	5984	Unicorn-30077.exe	91
PID 5984 wrote to memory of 4092	5984	Unicorn-30077.exe	91
PID 5984 wrote to memory of 4092	5984	Unicorn-30077.exe	91
PID 4372 wrote to memory of 6132	4372	Unicorn-12588.exe	92
PID 4372 wrote to memory of 6132	4372	Unicorn-12588.exe	92
PID 4372 wrote to memory of 6132	4372	Unicorn-12588.exe	92
PID 4704 wrote to memory of 5172	4704	Unicorn-30631.exe	93
PID 4704 wrote to memory of 5172	4704	Unicorn-30631.exe	93
PID 4704 wrote to memory of 5172	4704	Unicorn-30631.exe	93
PID 4280 wrote to memory of 396	4280	1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8.exe	94
PID 4280 wrote to memory of 396	4280	1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8.exe	94
PID 4280 wrote to memory of 396	4280	1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8.exe	94
PID 4092 wrote to memory of 4504	4092	Unicorn-59817.exe	96
PID 4092 wrote to memory of 4504	4092	Unicorn-59817.exe	96
PID 4092 wrote to memory of 4504	4092	Unicorn-59817.exe	96
PID 6132 wrote to memory of 3288	6132	Unicorn-44036.exe	97
PID 6132 wrote to memory of 3288	6132	Unicorn-44036.exe	97
PID 6132 wrote to memory of 3288	6132	Unicorn-44036.exe	97
PID 5984 wrote to memory of 4500	5984	Unicorn-30077.exe	98
PID 5984 wrote to memory of 4500	5984	Unicorn-30077.exe	98
PID 5984 wrote to memory of 4500	5984	Unicorn-30077.exe	98
PID 4372 wrote to memory of 4008	4372	Unicorn-12588.exe	99
PID 4372 wrote to memory of 4008	4372	Unicorn-12588.exe	99
PID 4372 wrote to memory of 4008	4372	Unicorn-12588.exe	99
PID 5172 wrote to memory of 4544	5172	Unicorn-53595.exe	100
PID 5172 wrote to memory of 4544	5172	Unicorn-53595.exe	100
PID 5172 wrote to memory of 4544	5172	Unicorn-53595.exe	100
PID 396 wrote to memory of 5616	396	Unicorn-47465.exe	101
PID 396 wrote to memory of 5616	396	Unicorn-47465.exe	101
PID 396 wrote to memory of 5616	396	Unicorn-47465.exe	101
PID 4704 wrote to memory of 4900	4704	Unicorn-30631.exe	102
PID 4704 wrote to memory of 4900	4704	Unicorn-30631.exe	102
PID 4704 wrote to memory of 4900	4704	Unicorn-30631.exe	102
PID 4280 wrote to memory of 4212	4280	1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8.exe	104
PID 4280 wrote to memory of 4212	4280	1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8.exe	104
PID 4280 wrote to memory of 4212	4280	1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8.exe	104
PID 4504 wrote to memory of 3736	4504	Unicorn-4176.exe	106
PID 4504 wrote to memory of 3736	4504	Unicorn-4176.exe	106
PID 4504 wrote to memory of 3736	4504	Unicorn-4176.exe	106
PID 4092 wrote to memory of 2116	4092	Unicorn-59817.exe	107
PID 4092 wrote to memory of 2116	4092	Unicorn-59817.exe	107
PID 4092 wrote to memory of 2116	4092	Unicorn-59817.exe	107
PID 4008 wrote to memory of 640	4008	Unicorn-55415.exe	108
PID 4008 wrote to memory of 640	4008	Unicorn-55415.exe	108
PID 4008 wrote to memory of 640	4008	Unicorn-55415.exe	108
PID 4500 wrote to memory of 1320	4500	Unicorn-6869.exe	109
PID 4500 wrote to memory of 1320	4500	Unicorn-6869.exe	109
PID 4500 wrote to memory of 1320	4500	Unicorn-6869.exe	109
PID 5616 wrote to memory of 5024	5616	Unicorn-51239.exe	110
PID 5616 wrote to memory of 5024	5616	Unicorn-51239.exe	110
PID 5616 wrote to memory of 5024	5616	Unicorn-51239.exe	110
PID 396 wrote to memory of 3184	396	Unicorn-47465.exe	111
PID 396 wrote to memory of 3184	396	Unicorn-47465.exe	111
PID 396 wrote to memory of 3184	396	Unicorn-47465.exe	111
PID 4372 wrote to memory of 3240	4372	Unicorn-12588.exe	113

C:\Users\Admin\AppData\Local\Temp\1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8.exe
"C:\Users\Admin\AppData\Local\Temp\1ee7409a39b4a554dd40557e36a082be9c04489d401d9dbc48e6d52f8c7417e8.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30077.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-222.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        9⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        10⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        11⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        11⤵
        
        PID:16436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        11⤵
        
        PID:17788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        10⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        10⤵
        
        PID:19084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14259.exe
        9⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        9⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
        9⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        9⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30721.exe
        10⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43413.exe
        10⤵
        
        PID:17324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        10⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        9⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        9⤵
        
        PID:17820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33476.exe
        8⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55999.exe
        8⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
        8⤵
        
        PID:17972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46081.exe
        8⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        9⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        10⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
        11⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
        11⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        10⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40099.exe
        10⤵
        
        PID:18160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19687.exe
        9⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
        9⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        9⤵
        
        PID:17688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        8⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        9⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        9⤵
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        8⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        8⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        8⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        9⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        9⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        9⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        8⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        8⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53766.exe
        7⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
        8⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
        8⤵
        
        PID:14948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        8⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46357.exe
        7⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16687.exe
        7⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51319.exe
        7⤵
        
        PID:19116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19251.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54467.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6968.exe
        9⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        10⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        10⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59427.exe
        10⤵
        
        PID:17532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
        9⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        9⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        9⤵
        
        PID:18184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        8⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53725.exe
        9⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        9⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
        8⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        8⤵
        
        PID:16748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
        8⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47939.exe
        9⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        9⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        9⤵
        
        PID:18408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        8⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10174.exe
        8⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        8⤵
        
        PID:18884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        7⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 604
        8⤵
        Program crash
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1048.exe
        7⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        7⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        7⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3988.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        8⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        9⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        9⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51478.exe
        9⤵
        
        PID:18680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        8⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24644.exe
        8⤵
        
        PID:18980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
        7⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        8⤵
        
        PID:18812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        7⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
        7⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe
        6⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37611.exe
        8⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
        8⤵
        
        PID:16964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        7⤵
        
        PID:16812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
        6⤵
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62022.exe
        6⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
        6⤵
        
        PID:17660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39117.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1950.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        8⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        9⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        10⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        10⤵
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
        9⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        9⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        8⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22723.exe
        9⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
        9⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56435.exe
        9⤵
        
        PID:18712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
        8⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
        8⤵
        
        PID:18036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
        7⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42101.exe
        8⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65531.exe
        9⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43413.exe
        9⤵
        
        PID:17332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34922.exe
        9⤵
        
        PID:16996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        8⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        8⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9.exe
        7⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        7⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        7⤵
        
        PID:18864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57736.exe
        6⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13600.exe
        7⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        8⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54457.exe
        9⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
        9⤵
        
        PID:16592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        9⤵
        
        PID:18604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22452.exe
        8⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        8⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        7⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52219.exe
        7⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        6⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        7⤵
        
        PID:12552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9.exe
        6⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        6⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        6⤵
        
        PID:17604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
        7⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe
        8⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
        9⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
        10⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1098.exe
        10⤵
        
        PID:16480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        9⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10226.exe
        9⤵
        
        PID:19168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
        8⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
        8⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        8⤵
        
        PID:18148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        7⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58925.exe
        8⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        8⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        8⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21685.exe
        7⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5480.exe
        7⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        6⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
        7⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47695.exe
        8⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        8⤵
        
        PID:16408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        7⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        7⤵
        
        PID:17520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20621.exe
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63181.exe
        6⤵
        
        PID:14872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
        6⤵
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32461.exe
        6⤵
        
        PID:18344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe
        5⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
        6⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
        8⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26309.exe
        8⤵
        
        PID:17280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
        8⤵
        
        PID:17844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49122.exe
        7⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3143.exe
        7⤵
        
        PID:17920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
        6⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60274.exe
        7⤵
        
        PID:17932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
        6⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
        6⤵
        
        PID:19588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46855.exe
        5⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        6⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        6⤵
        
        PID:18320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
        5⤵
        
        PID:10504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
        5⤵
        
        PID:14956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53908.exe
        5⤵
        
        PID:18512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6869.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39911.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16149.exe
        7⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50933.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        9⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27959.exe
        10⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        10⤵
        
        PID:17864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        9⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        9⤵
        
        PID:17540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
        8⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36969.exe
        9⤵
        
        PID:17580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        8⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        8⤵
        
        PID:17648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        7⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61509.exe
        8⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15978.exe
        8⤵
        
        PID:19480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
        7⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50903.exe
        7⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        6⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        7⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        8⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61509.exe
        9⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61182.exe
        9⤵
        
        PID:15948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        9⤵
        
        PID:18544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
        8⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23947.exe
        8⤵
        
        PID:17724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        7⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47695.exe
        8⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        8⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
        8⤵
        
        PID:19316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
        7⤵
        
        PID:16808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        6⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
        8⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        8⤵
        
        PID:18312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49122.exe
        7⤵
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30228.exe
        7⤵
        
        PID:16492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11311.exe
        7⤵
        
        PID:18420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        6⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        7⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
        7⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4494.exe
        6⤵
        
        PID:11520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        6⤵
        
        PID:16504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31350.exe
        6⤵
        
        PID:18332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
        6⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64337.exe
        7⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        8⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        8⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        8⤵
        
        PID:18364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9573.exe
        7⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        7⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        6⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
        7⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        7⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7294.exe
        6⤵
        
        PID:11548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59568.exe
        6⤵
        
        PID:16396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        6⤵
        
        PID:19488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44637.exe
        5⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7954.exe
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        8⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        8⤵
        
        PID:16452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        8⤵
        
        PID:19092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        7⤵
        
        PID:14100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        6⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        7⤵
        
        PID:17360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
        6⤵
        
        PID:13504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        6⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8841.exe
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
        6⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        6⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53397.exe
        6⤵
        
        PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
        5⤵
        
        PID:15576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
        5⤵
        
        PID:19472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50117.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14394.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        7⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        8⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        8⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
        8⤵
        
        PID:17980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
        7⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        8⤵
        
        PID:16832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        7⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        7⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        6⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7778.exe
        7⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
        7⤵
        
        PID:16828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13953.exe
        7⤵
        
        PID:19288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
        6⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        5⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        6⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        7⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18915.exe
        8⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20725.exe
        8⤵
        
        PID:15604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34975.exe
        7⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
        7⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        7⤵
        
        PID:14796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        6⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        6⤵
        
        PID:13568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        6⤵
        
        PID:17560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        5⤵
        
        PID:7004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 632
        6⤵
        Program crash
        
        PID:10292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33258.exe
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47037.exe
        5⤵
        
        PID:14708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7803.exe
        5⤵
        
        PID:18616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        5⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        6⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        7⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe
        7⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        7⤵
        
        PID:18084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        6⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36563.exe
        7⤵
        
        PID:16864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10174.exe
        6⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
        6⤵
        
        PID:19464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        5⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64711.exe
        6⤵
        
        PID:15968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe
        6⤵
        
        PID:18560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        5⤵
        
        PID:19400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22345.exe
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49693.exe
        6⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        6⤵
        
        PID:16928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16589.exe
        5⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
        5⤵
        
        PID:13860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16121.exe
      4⤵
      PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40539.exe
        5⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        5⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        5⤵
        
        PID:19564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe
      4⤵
      PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        5⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
        5⤵
        
        PID:17856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
      4⤵
      PID:15148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
      4⤵
      PID:19380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8260.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44161.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
        7⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        9⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        9⤵
        
        PID:16444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        9⤵
        
        PID:19108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4503.exe
        8⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        8⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        7⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
        8⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
        8⤵
        
        PID:16948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57290.exe
        7⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5281.exe
        7⤵
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        6⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe
        7⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
        8⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
        8⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39505.exe
        7⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        8⤵
        
        PID:17588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
        7⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23170.exe
        6⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39159.exe
        7⤵
        
        PID:15428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2521.exe
        7⤵
        
        PID:18576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16336.exe
        6⤵
        
        PID:12904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
        6⤵
        
        PID:17476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20211.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        7⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
        8⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
        9⤵
        
        PID:16728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        8⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
        8⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23308.exe
        7⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55702.exe
        7⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
        7⤵
        
        PID:19436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        6⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
        7⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        7⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65100.exe
        7⤵
        
        PID:18840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
        6⤵
        
        PID:11536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50903.exe
        6⤵
        
        PID:16420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        6⤵
        
        PID:17832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55785.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        7⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        7⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38929.exe
        6⤵
        
        PID:11180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
        6⤵
        
        PID:15876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
        6⤵
        
        PID:18592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
        5⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe
        6⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        7⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33823.exe
        7⤵
        
        PID:18788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        6⤵
        
        PID:14996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        6⤵
        
        PID:17872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30212.exe
        5⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
        6⤵
        
        PID:17128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56350.exe
        5⤵
        
        PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1571.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        8⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        9⤵
        
        PID:17508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        8⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9573.exe
        7⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        7⤵
        
        PID:15644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        6⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        7⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
        7⤵
        
        PID:16836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24810.exe
        6⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17182.exe
        6⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe
        5⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        6⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        7⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        7⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        7⤵
        
        PID:18044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        6⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        6⤵
        
        PID:14052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        6⤵
        
        PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        5⤵
        
        PID:6988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 604
        6⤵
        Program crash
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
        5⤵
        
        PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5210.exe
        5⤵
        
        PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        5⤵
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        6⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28173.exe
        8⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13403.exe
        8⤵
        
        PID:18748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        7⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        7⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        6⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
        7⤵
        
        PID:16376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        6⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        6⤵
        
        PID:18964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
        5⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28199.exe
        6⤵
        
        PID:12124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        6⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55562.exe
        6⤵
        
        PID:18632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        5⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
        5⤵
        
        PID:17760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
        6⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        6⤵
        
        PID:14020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9573.exe
        5⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        5⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5672.exe
        5⤵
        
        PID:19548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
      4⤵
      PID:6928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 460
        5⤵
        Program crash
        
        PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24715.exe
      4⤵
      PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
      4⤵
      PID:17908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
        6⤵
        Executes dropped EXE
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
        7⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        8⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        9⤵
        
        PID:13708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        9⤵
        
        PID:18828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        8⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        8⤵
        
        PID:18856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        7⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
        7⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7549.exe
        6⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        7⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2713.exe
        8⤵
        
        PID:18972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        7⤵
        
        PID:18900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27994.exe
        6⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25625.exe
        7⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        7⤵
        
        PID:18804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21685.exe
        6⤵
        
        PID:13808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
        5⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
        6⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
        7⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        8⤵
        
        PID:14528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        7⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28072.exe
        6⤵
        
        PID:13820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
        6⤵
        
        PID:19180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        6⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        7⤵
        
        PID:18960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        6⤵
        
        PID:12576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34820.exe
        5⤵
        
        PID:9756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        5⤵
        
        PID:13692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
        5⤵
        
        PID:16628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
        5⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31473.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        8⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        9⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        9⤵
        
        PID:18284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
        8⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        7⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51591.exe
        7⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        7⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        6⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        7⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        7⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        6⤵
        
        PID:17800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
        6⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57944.exe
        7⤵
        
        PID:17884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        6⤵
        
        PID:18932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21746.exe
        5⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28173.exe
        6⤵
        
        PID:13936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33823.exe
        6⤵
        
        PID:18832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        5⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23563.exe
        5⤵
        
        PID:18444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
      4⤵
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
        5⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        6⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        7⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        7⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        7⤵
        
        PID:18772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        6⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        5⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe
        6⤵
        
        PID:17728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
        5⤵
        
        PID:13968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        5⤵
        
        PID:18848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55520.exe
      4⤵
      PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        5⤵
        
        PID:14680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
        5⤵
        
        PID:17624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
      4⤵
      PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
      4⤵
      PID:14768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28377.exe
      4⤵
      PID:18304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
        7⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
        7⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22478.exe
        7⤵
        
        PID:18072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9573.exe
        6⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2713.exe
        7⤵
        
        PID:17552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53921.exe
        6⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
        6⤵
        
        PID:19424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        5⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
        5⤵
        
        PID:17000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22065.exe
        6⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        6⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
        6⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13657.exe
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49837.exe
        5⤵
        
        PID:15240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47254.exe
        5⤵
        
        PID:16608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        5⤵
        
        PID:18192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
      4⤵
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-440.exe
        5⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        5⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
        5⤵
        
        PID:18400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2853.exe
      4⤵
      PID:11736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
      4⤵
      PID:17716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37176.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4358.exe
        6⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        7⤵
        
        PID:17256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55178.exe
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2058.exe
        6⤵
        
        PID:18120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe
        5⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        6⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        6⤵
        
        PID:16848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        6⤵
        
        PID:18876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        5⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        5⤵
        
        PID:18376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37533.exe
      4⤵
      PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        5⤵
        
        PID:16468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        5⤵
        
        PID:18052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32210.exe
      4⤵
      PID:11704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21041.exe
      4⤵
      PID:1220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
    3⤵
    PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55785.exe
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        5⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        6⤵
        
        PID:17428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        5⤵
        
        PID:12568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        5⤵
        
        PID:19496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
      4⤵
      PID:9672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
        5⤵
        
        PID:16712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
      4⤵
      PID:13620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
      4⤵
      PID:16068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33187.exe
    3⤵
    PID:7188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22065.exe
      4⤵
      PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
        5⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
        5⤵
        
        PID:19152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
      4⤵
      PID:13612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
      4⤵
      PID:16400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38402.exe
    3⤵
    PID:10624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
    3⤵
    PID:14932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-533.exe
    3⤵
    PID:18108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53595.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-92.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-92.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64342.exe
        6⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8660.exe
        8⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        8⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        8⤵
        
        PID:16932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
        7⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        7⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        7⤵
        
        PID:17484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1186.exe
        6⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        7⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        7⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        6⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        6⤵
        
        PID:16156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
        6⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18073.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        6⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55785.exe
        7⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49693.exe
        8⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1556.exe
        9⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
        9⤵
        
        PID:18948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        8⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        8⤵
        
        PID:16436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30979.exe
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
        7⤵
        
        PID:13976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        6⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        7⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        7⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
        6⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
        6⤵
        
        PID:15788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        6⤵
        
        PID:19372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37429.exe
        5⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        7⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48354.exe
        7⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14694.exe
        7⤵
        
        PID:19504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-611.exe
        6⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        6⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        5⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
        6⤵
        
        PID:11856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
        6⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59725.exe
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        5⤵
        
        PID:6264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2142.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
        7⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        8⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        8⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        8⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
        8⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
        7⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        7⤵
        
        PID:19296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        6⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-440.exe
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        7⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
        6⤵
        
        PID:11896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
        6⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28377.exe
        6⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
        5⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53071.exe
        6⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60575.exe
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        8⤵
        
        PID:17616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        7⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        7⤵
        
        PID:17960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        6⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
        6⤵
        
        PID:16824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        5⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
        5⤵
        
        PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
        5⤵
        
        PID:15588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
      4⤵
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        5⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        6⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
        7⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32208.exe
        7⤵
        
        PID:17148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        6⤵
        
        PID:12340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        6⤵
        
        PID:17664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        5⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
        6⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        5⤵
        
        PID:14372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
        5⤵
        
        PID:17464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
      4⤵
      PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
        5⤵
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
        5⤵
        
        PID:15068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        5⤵
        
        PID:18236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
      4⤵
      PID:9248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
      4⤵
      PID:16136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7980.exe
        5⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
        6⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        7⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13948.exe
        8⤵
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
        8⤵
        
        PID:19556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        7⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        6⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        7⤵
        
        PID:17992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        6⤵
        
        PID:13700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        6⤵
        
        PID:18940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35919.exe
        5⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        6⤵
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        5⤵
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        5⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
        5⤵
        
        PID:17368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48411.exe
        5⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe
        6⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        7⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19277.exe
        6⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        6⤵
        
        PID:16056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25472.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
        5⤵
        
        PID:13928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55520.exe
      4⤵
      PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        5⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42807.exe
        6⤵
        
        PID:18496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
        5⤵
        
        PID:15112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
      4⤵
      PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
      4⤵
      PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
      4⤵
      PID:18096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
        5⤵
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        6⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        8⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        8⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33028.exe
        8⤵
        
        PID:16624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        8⤵
        
        PID:18392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        7⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        7⤵
        
        PID:18648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        6⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        6⤵
        
        PID:13868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3839.exe
        6⤵
        
        PID:17652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38249.exe
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
        6⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
        7⤵
        
        PID:18212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        6⤵
        
        PID:14012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        6⤵
        
        PID:18924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23308.exe
        5⤵
        
        PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55702.exe
        5⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        5⤵
        
        PID:17412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
      4⤵
      PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        6⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
        7⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56190.exe
        7⤵
        
        PID:19212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        6⤵
        
        PID:17764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        5⤵
        
        PID:14044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        5⤵
        
        PID:16828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
      4⤵
      PID:6952
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 588
        5⤵
        Program crash
        
        PID:11188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
      4⤵
      PID:10376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
      4⤵
      PID:3560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16677.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
      4⤵
      PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24291.exe
        5⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        6⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37611.exe
        7⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5288.exe
        7⤵
        
        PID:19076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
        6⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        6⤵
        
        PID:17944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
        5⤵
        
        PID:9288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        5⤵
        
        PID:13780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        5⤵
        
        PID:18220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
      4⤵
      PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        5⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57289.exe
        6⤵
        
        PID:18204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
        5⤵
        
        PID:13224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
      4⤵
      PID:10188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16039.exe
      4⤵
      PID:14640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31923.exe
      4⤵
      PID:17696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41837.exe
    3⤵
    PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36543.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        5⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
        6⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        5⤵
        
        PID:12560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        5⤵
        
        PID:17812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
      4⤵
      PID:9296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
      4⤵
      PID:13844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
      4⤵
      PID:19352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4061.exe
    3⤵
    PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
      4⤵
      PID:16336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
    3⤵
    PID:10344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe
    3⤵
    PID:15900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30347.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        8⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        9⤵
        
        PID:18172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        8⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        8⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
        7⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
        7⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        7⤵
        
        PID:19416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9661.exe
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61509.exe
        7⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        7⤵
        
        PID:15908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        7⤵
        
        PID:19100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        6⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        7⤵
        
        PID:17436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15245.exe
        6⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        6⤵
        
        PID:18696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8343.exe
        5⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28375.exe
        6⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        7⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        8⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        8⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55012.exe
        7⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49427.exe
        7⤵
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        6⤵
        
        PID:17496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        5⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61945.exe
        6⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5614.exe
        7⤵
        
        PID:13800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        6⤵
        
        PID:12592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        6⤵
        
        PID:18908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9.exe
        5⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26641.exe
        6⤵
        
        PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        5⤵
        
        PID:13652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
        5⤵
        
        PID:17896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23719.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe
        5⤵
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7954.exe
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        7⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        8⤵
        
        PID:17112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        7⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57149.exe
        7⤵
        
        PID:17344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        7⤵
        
        PID:18024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        6⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        6⤵
        
        PID:14388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14388 -s 436
        7⤵
        Program crash
        
        PID:16820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
        6⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        5⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        6⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52665.exe
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
        5⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16170.exe
        5⤵
        
        PID:18664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
      4⤵
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe
        5⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        6⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53803.exe
        7⤵
        
        PID:17068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35193.exe
        7⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        6⤵
        
        PID:12060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        6⤵
        
        PID:15020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        5⤵
        
        PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        5⤵
        
        PID:14068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
        5⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        6⤵
        
        PID:15676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45500.exe
        6⤵
        
        PID:18820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
        5⤵
        
        PID:13888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53589.exe
        5⤵
        
        PID:19240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
      4⤵
      PID:9224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
      4⤵
      PID:15136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
      4⤵
      PID:18248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36381.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64342.exe
      4⤵
      PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        6⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30721.exe
        7⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        6⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20289.exe
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        5⤵
        
        PID:13876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
      4⤵
      PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
      4⤵
      PID:10920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
      4⤵
      PID:15020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
      4⤵
      PID:17752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39977.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-580.exe
      4⤵
      PID:388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        6⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
        7⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
        6⤵
        
        PID:13944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        5⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10174.exe
        5⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        5⤵
        
        PID:18384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
      4⤵
      PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42589.exe
        5⤵
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        5⤵
        
        PID:384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe
      4⤵
      PID:14496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
      4⤵
      PID:18892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
    3⤵
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        5⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        5⤵
        
        PID:16316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4503.exe
      4⤵
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
      4⤵
      PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55370.exe
      4⤵
      PID:18016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
    3⤵
    PID:7412
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 488
      4⤵
      Program crash
      PID:8944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
    3⤵
    PID:11724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
    3⤵
    PID:16616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16285.exe
    3⤵
    PID:18128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        5⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        6⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        7⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
        8⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        8⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65100.exe
        8⤵
        
        PID:18740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        7⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57149.exe
        7⤵
        
        PID:17352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        7⤵
        
        PID:18060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        6⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        6⤵
        
        PID:14036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        5⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        6⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
        5⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43151.exe
        5⤵
        
        PID:19452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
      4⤵
      PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55785.exe
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        6⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        6⤵
        
        PID:17592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe
        5⤵
        
        PID:10728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        5⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        5⤵
        
        PID:18480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22182.exe
      4⤵
      PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        5⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        5⤵
        
        PID:18356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43346.exe
      4⤵
      PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
      4⤵
      PID:15956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1120
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 720
      4⤵
      Program crash
      PID:5556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17008.exe
    3⤵
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
      4⤵
      PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61509.exe
        5⤵
        
        PID:9856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
      4⤵
      PID:13836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30186.exe
    3⤵
    PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
      4⤵
      PID:13904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
    3⤵
    PID:11800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe
    3⤵
    PID:19220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
      4⤵
      PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
        5⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        6⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        7⤵
        
        PID:19408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        6⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        6⤵
        
        PID:18004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        5⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        5⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        5⤵
        
        PID:18264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
      4⤵
      PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
        5⤵
        
        PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40185.exe
        5⤵
        
        PID:16672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
      4⤵
      PID:11888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
    3⤵
    PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
      4⤵
      PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        5⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
        6⤵
        
        PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        5⤵
        
        PID:12280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        5⤵
        
        PID:16544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
      4⤵
      PID:10052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
      4⤵
      PID:14444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
      4⤵
      PID:1936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
    3⤵
    PID:7092
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 604
      4⤵
      Program crash
      PID:9316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8561.exe
    3⤵
    PID:9568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
    3⤵
    PID:14608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48989.exe
    3⤵
    PID:19060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26983.exe
    3⤵
    PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
      4⤵
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
        5⤵
        
        PID:11916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        5⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3839.exe
        5⤵
        
        PID:17676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
      4⤵
      PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
      4⤵
      PID:1372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23910.exe
    3⤵
    PID:9104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
    3⤵
    PID:13920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
    3⤵
    PID:17740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
  2⤵
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
    3⤵
    PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
      4⤵
      PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
      4⤵
      PID:14868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
    3⤵
    PID:9876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
      4⤵
      PID:17144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
    3⤵
    PID:16160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe
    3⤵
    PID:18528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
  2⤵
  PID:5352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
    3⤵
    PID:11336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
    3⤵
    PID:16068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
    3⤵
    PID:18428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
  2⤵
  PID:11760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
  2⤵
  PID:16600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe
  2⤵
  PID:19512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1120 -ip 1120
1⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6960 -ip 6960
1⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 7092 -ip 7092
1⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 7004 -ip 7004
1⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 6928 -ip 6928
1⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 7016 -ip 7016
1⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 7412 -ip 7412
1⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6952 -ip 6952
1⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 7008 -ip 7008
1⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 6988 -ip 6988
1⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 14388 -ip 14388
1⤵
PID:16756

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:17100

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:18460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe

Filesize
468KB

MD5
a1f71891052d0e37853844213cec80a2

SHA1
d946ca425168ded644c8a50d06fc04a90b4c71c3

SHA256
15e58db359f21ea395127f293bc4f72f0a8cd697effd7a8e0b0c2b63bf288006

SHA512
b3e350b4239a0ffadd38d37e9ee3b481251b60123490328269ab3698eb8c44e79dd7448f421c64fc3276f54119d0d8507712bce62bbbf0f48eda238310d29116

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe

Filesize
468KB

MD5
0c77e0de4ade0f94dfa6fb9b1153bec2

SHA1
97754e1700059a8ae7da1b5f6f8b2eccc7e0d829

SHA256
164737fff8c60afe907103659b72dcfd3db5b4f699d4b28ec159e9df6cc3fb10

SHA512
de50584635e8511cd4bc4a0f9cd679a15d04156aa8b8eb0b2a2f4dc47bbded02735ca5ffad83cb7f5b3b5919a1ff97fab4a22ea260fc9278607ec440d34bbbc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe

Filesize
468KB

MD5
d7f055f11fdb0e6b975000021606afad

SHA1
ab3bb4ff11939eb8b7d0c00664a84b8748e25ffc

SHA256
1fa2fa1151a685efbca06d38ebeb3cb0d9284e60b739a3bdfe3b5cee2434e09f

SHA512
eda6537023215ec49d7e420b9a7d9bf2a34f5e39a7c1ebdf3259c8c43777b373ec092534a3d139a7a77603cd2ce7e4aecaeec23ac9e5b104cc937169afb03818

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1571.exe

Filesize
468KB

MD5
a7f8173ca4aa8c121c20117bfeb4295f

SHA1
e447d4cff56b2632bf53d2d88c96c80c36dd1b01

SHA256
4539714332859f8736ada5a82183e986463a5ade69f9ff0df5f0f380cc650d4f

SHA512
e3946ca71d39431d14ff0882f076fb6e9ee46f3a39d5d94da965d8435fd3dba1f99e6d5437fe1417b8c90ff3f711fa4740249deef671bfed5830288df0a9d673

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe

Filesize
468KB

MD5
d338a72b2d4f7ff3f069556376e15b93

SHA1
98ba6f3ee8b2da8df00eb6162dcb49683f681f06

SHA256
4df8a0a071bb0c41f5adbc3ed2b1d02818f9180ba29e18cdf2481168b6a802ac

SHA512
e849ae76810e4fad426e6142b5c20e7f42fad84b272a352d486e0e2a4d9df53b54536ab5386cbb112d2da47e4f73fc4e795f442856260b915ef1f57014693947

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe

Filesize
468KB

MD5
942472f4e38fa5404879419498b09701

SHA1
0afcb6bf7a4fc7019455b4a58f85ffa6014c90ee

SHA256
e03b583dc00a4f9d502683611d440ddbbb2ca5ec08d92c293a57e3748040f896

SHA512
ad1e1043e2b8de008d2890f90b80d6c43a72971ef633107549ba3e217e0ede382cefa12f6689fdcbf7c8ec9ff002b6d0aab50838de853063c61b3b6392406511

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-222.exe

Filesize
468KB

MD5
5ecbbc3a0c40ff0fb3969bc6e35b8ed5

SHA1
015ea978a604c5300a80a00b6d62514e1e706625

SHA256
7958cc9ba8ecababa9bf2c71af8840ddde8b35899349a562fc6b70cecdfad586

SHA512
db0f4902729c33acc762670f9ce21ef6bc5f3357d83d80676af81d85db7f73adad03c0b73c4dcbc0741eed563be9189515ec5e5d5c409758f3de9a43e9f890a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe

Filesize
468KB

MD5
e77b1ef2f73f02f296752eba34c51999

SHA1
eae3f77a88694cfb836a42a6835d53d0ca3cceba

SHA256
aff8922e56a51ad5b9482dc78a072b46a452bf306cc854951ea1f12d0658bdfd

SHA512
a2246aa7848a254112d7c67ce07e336d379971e21274e730090ff722dc26750f9978b4290564b2c360355642967c3d70dda34ca68adef1b2b84cee7bc92e54f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe

Filesize
468KB

MD5
adb17c0e2ce87ddff3ab150d393f2ecc

SHA1
4009441253b986b61bfe9ebc1d2910f6f39eea4f

SHA256
eaae44fc9ac78aaa90de4bc237964ccd28e1331f79a44e31cd3ad5230558d3c0

SHA512
be3cb58e2e9bfe741550a625b35cf520254fe1e9d8f33e9e5433f8c3339a72557aa06427e9e2e8d566b04e216cde92941fb9ed01b8bfce31fc037be8f8237cf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe

Filesize
468KB

MD5
58f9fd29ceb6ac1e3bc21acff1834da9

SHA1
89831e8d15cad4f7bff8d6c29dc548c82b831732

SHA256
313198b7bf0e88872a17767f4f059af2988da9ac5cfe61b9dc6771451b5e9e89

SHA512
bbc57a9ef08f51a7885fc561c1f0127513f32e2c913e2851265c52db590f567ed8d9ec56379fbfcd70aeb61ec0488f7906cb41dff190e59f13b8b1dcec1cf9e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30077.exe

Filesize
468KB

MD5
f5edf45160f5ed0915492a5e47d2be7e

SHA1
06f1057cedfb8a810395d5c813a8b06137d968aa

SHA256
05d6f0a00c4eec70c700ada8b8d08b99c85f4b683312b53509bffa0b8a896eb0

SHA512
efddacbba1fe1841d98499b25cf5db1fbd18f95652f893c506acfea61f5efe1daa12f6d85d6c85387e5fc398ea254451d6def9b6ed87e66d4c0327405372a9af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe

Filesize
468KB

MD5
254d826425cb1d51f3f5a486858b7345

SHA1
5b041deea756880c66949a3ff67f3b436c60ffbe

SHA256
be769309f6da14cd6d06efe76fed5a6312c3ce8cd042fbaeb5bfb50528ff4f0b

SHA512
23ebb5db3d1ead5389b1010a363a273074678306d31bced6af73793e22a67cd09edcd78a00485e277ad7d3d16075d0e88fecfdefb350801c83529b0c43469472

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe

Filesize
468KB

MD5
2144969a5c4bafe754ae68984101933a

SHA1
3e6b91bdf930f568e31969084f07edfcca5e7503

SHA256
df230a8dd78d17111f0fc51d033ba1b8815750de796fd3d5ac9fbad1f87eb5f6

SHA512
6594b4bc49af75e218c99383befe6c61b6dd221f815c6d2fff62097784c5785e3cba8f477dc93696de3c403ecfe5d0cd8327156699d4eb572edbdf54be86e27b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36381.exe

Filesize
468KB

MD5
209761b2fb769feba6954a4b7d586870

SHA1
425d34dbfef5464b051e1bc7d56cb4dfbf21e6f6

SHA256
5d99867665d119778f179eeaf185d0b3007fd2b35d1370b44118e5fb2ba3913c

SHA512
fa978c1e1e225ff8666a4c6e849f1aa31f7e705547e123dbbcf61428718080486f662c769b00404ade273dfaa02d614523e5cc5156b7c6ec2b111d800a566d4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39117.exe

Filesize
468KB

MD5
020e77415fa4b830a50438c4c80a8508

SHA1
c679df9ecbd7b506641b8472c44f6d22dbc8d237

SHA256
653c88663c7d799879874e43d9b64006e20d0fb197b367658e4276535fddd5e2

SHA512
71e151e9b85894d17063190f15d6323e5d1b5c0b6fb0a8882bc88abea576c74bbf14e75ac8ec04745ce1ba75c842fb4f3b4786a47b57b0d3ec8e2b7161c3409f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39911.exe

Filesize
468KB

MD5
85d9993c7785f08ee4b748de4581e78a

SHA1
8514c232d961f6fad3002413242b422d24b94848

SHA256
2430cf8821396217007def878c45360ed07ab3ea53114dd225a9d91df62c3ee6

SHA512
1a06dd194e54cc49b7e0449a0de382efb1aeabfc97a7684aafec53834162a32ef1199a37b40f9abb6d5a58f198b93757f603e1b7e37519ef080dcc161ad8071b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe

Filesize
468KB

MD5
fee34107c008efbb32b40b4a935e3c40

SHA1
b5c17fcc8e5e8b62c254d3dfb15210ec2603e573

SHA256
2594eb9136412961d1819575e1fe61e1b24c3eeb92d1ed264a20030429ec9c55

SHA512
5bf8c7de668b18150abfaf02c50e3b7b5a7f98e689e6faee353173abca4f9c466f834fe924dfc0508927dbeab64a7d972d4dbeaadb9e83b870a620f9a4d88036

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe

Filesize
468KB

MD5
d52848247d2b33acff698e56d15d821f

SHA1
296934052d407300d2933ece636f99cdf03d8c22

SHA256
9ebe073112f5d60b584954f4b04aed8b6ca1ed6a87962150dbb00a54148d041a

SHA512
c65a69dad4cad41008bff8ee062f88330c5acfdb356520f17e6f44dd7aed7e44a811f9ab95c2b27648b51971f552ba6031d01a819e0272c13531ea93500f78b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe

Filesize
468KB

MD5
ebc85f591a95aa3c5cd5b71ea4d279be

SHA1
a34a14ebf1f95f64ea3f1f9f052aaa5552d2ef96

SHA256
4e64cfa22774edfbcf2feffe6a907e1688f6946ad7c2e1a2bc5dd7d1cd2c0dac

SHA512
b19b35f15928a708d4170c0587b838f5337c822a43a3950fb3bf8f839985caf5f11518174da9861d02b8f9dce54f11e9dd4569e457c87d018115e5af7921f8af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe

Filesize
468KB

MD5
0d58a3289bed7614e39e496065cd65ce

SHA1
bfec4a5da8cf180f8a6246e9ae627f50716865c3

SHA256
9d3021827fe00a47f88ee09511527caa68bb84708662c7e042350410d1df6327

SHA512
17e1ea67295c2eae0178d595a0093bde51ab2d24ea3bc0d32bbc270117ec678b68944ec63a5690c55bd94b9faa8d5108a14299cb28d0dc63195a58d177f17db7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe

Filesize
468KB

MD5
0d29b808ad4786503d36252a1d88dbc2

SHA1
66d159d2bf1e898b54b5ccf890d1d0f5146721d8

SHA256
2bc4affbd4e24773de4a33408c5d20a80ce586fb30aae7339a74867f8cf9d6c0

SHA512
ed74828990504d43dfe0b5d22faa8e1025903c590d8ddfd048ce3e644c92d7d3394b552212c89382dcd40b402e98c088a9b024a625df86b9ee129beb89876a9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50117.exe

Filesize
468KB

MD5
f890bb36e1c6fd7dde4bf9e7e1b4923a

SHA1
25bcae76d8b4e37dc1d20f3fd1b2cc128e4e29df

SHA256
57a52a8d770bcbde4d587970a419b172e269985e513f4903b7a1f9dddf569d2a

SHA512
2c7cef759ef5ad2c8803f6b0a41e6da3ac1dafc21f5342c845393adf5abe483a97524063e151773b65eecd14a7a376cfb48215d64f1f3c0515555fac82a763a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe

Filesize
468KB

MD5
0712927ad2e9be3d4db55b4471f34dfb

SHA1
e4652642871286de3a67aa003ace29b846c79885

SHA256
f80ffb05bc31381b1e042e1924eee06e78ff29163f0713199782288561ca7f3b

SHA512
a662d25d759bf8521b1c60d243ffea8a99093ef3757e3562a6836495f86bcb661e9acf017bc8aa5ff90af6680d13c93b39dab81cbc2a11ed59e445a2d0597467

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53595.exe

Filesize
468KB

MD5
91a625d41a169571ca2ed94e7a1f56c5

SHA1
e4cc8691762c987ee52b6756aa12b6208a4783b7

SHA256
f2b26c4752782e8f9a22be3bbf82210ccc0f7fd94067156930361c240a1e303f

SHA512
77462097fa41eac1197e7fb2d03c89333e50827fad937ef9f9b40fa50ab2988051ac21f0276032284f1ee64aa033cd2194b6e8e7e11d5803b3b9543cf414ff1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54488.exe

Filesize
468KB

MD5
4c51a62d074ae133c43dadb57a7b2b88

SHA1
f3baf8202a53e59c17bf36286725d19be095b11a

SHA256
ca17bdcfddc5bb856c480d3498dedb33574428c77e2c5d9e6a27740f7ce2a2fa

SHA512
2aac5fc78dc6daa0c65db91f903dcbc0ef531c0d48654ac9165e58217030492e2da2e91a0d6795e0687ab84079ca5ba8e226ffea2f2cc9fe34cf2a66e19e0b45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe

Filesize
468KB

MD5
80e8c4ecafe04d3123a2c8a6648dbb56

SHA1
dacc9790236ae5b4979bd448afb7a6411d0b64a3

SHA256
ce7ed418d2c894f057dddb30f159c16f5d7e33dc91e7f37cc1d7700a0c4728f2

SHA512
26b989827d1f15b4c6b984951ea5e8842d36e1c17661a4b6f07c7e47312282a27975593f43d78ef31fc9bc919f35ec4af522f4165ef24a2f0b858955ac257aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe

Filesize
468KB

MD5
d8cd56d42d9ece4a2193a8ba0e1967af

SHA1
95e62860907ff4bf6a04a20aed0c8f8c2b428ff0

SHA256
08fbcd2348b78a213fb449fdd2c6c61edcdedcd8f24d21cfe1fcf38aac613bf0

SHA512
5646b9e493dc126704491b33823e446d93d0ec2f462f8c92b0e33da4c101793a53e2b20921438981e40eaf64af7c2afb3a6b56128ac74b96cdcc7e01c9fe74f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe

Filesize
468KB

MD5
6a878bbc6ed3cb8392039addd0ad5b49

SHA1
180a2b1d50443d5e230cabd669641e272699d758

SHA256
3f9f47a89721e5c09fd37e388f76a334d1c1ebdada50620edd85a7161ad5bc50

SHA512
1eca39355facb9976b8acbd6335265b802123bc01fb930bbd2a463ec56f17a0ef118ed7ce65cd71fdb693f32d67fb431309d8e7b44ac3b7a3cbfb9c77d7d8fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe

Filesize
468KB

MD5
812c50c46d45cb2d72168cbb6bcf84fb

SHA1
bb2207b4ee93120abf96ceaf2c14dddb31fd7f3d

SHA256
5b843bc600bbc95c2d515b9e3d9244982d9fc8f01b73dfff6a91cc6dff8c0b3a

SHA512
55cb68b2a51bad70a8a9ec9132688e9a5d477b179407f0c204ed4f5d0965515c5d16a1198af0718ee38f198ed210cb92993121746a25dfffc56ffef6d2c495b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe

Filesize
468KB

MD5
3a5e9a748eef423bca10474e475b40d6

SHA1
2af197008ae0636d57bdc90aacc622eda6970a8c

SHA256
f0bd7f8f85adfb00d7c4ceb1b31a4b46f44ba87bff52b7b9178a4f79e9085b3d

SHA512
1662252119356027bc0a8961e54b35d8820e97837ca3af3f61b068a2d7bf6fd856da357afc1ff9a4c2907881cfacac9be3fcbb4fdbae991f3fb37406ee946845

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6869.exe

Filesize
468KB

MD5
09654842f95a55ed467fd0f4953ce72a

SHA1
45b3973be282ad357d97d6cbbb7ddaef31ae0c2c

SHA256
34e2d62468d6a10bb3ca00f7523782cfcbdae2e3a373ea7d147e7f6bc9034d7e

SHA512
986ac73a3e62608a390c7d56c7527e1dd50020b53c6dd0e6b2f0ab4d8d42de1d6d5ad517f4d800a1be04c3d59ad26221a7c54023680833c04b1c2d1fbf1d2218

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8260.exe

Filesize
468KB

MD5
1c51c3c0816b98d32ee5accdb6afef09

SHA1
1006cdacd56656429ceb45dc9da812fea1c677a2

SHA256
dddb966bb38bc9965fd6a4cbc4abb1c45dc22c916e8644bff624836614f96a03

SHA512
9dad75cab470cf163c718967a4f1720abdec9d3b7068f104a29028a137dcb29d825f13da7a96d1c78b142a7fa348c8cc3991d3a7ae98de37c35b94b8d9db39e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-92.exe

Filesize
468KB

MD5
debe76d876f2024dd3ed4c983fd463ad

SHA1
cbdfd6404258c638ac5f0bfb29d51b2d3a1ab027

SHA256
7c91b834788e7ea6daddc65cb4e6a6ac848ea242fdb5646416f3b9c713c4972b

SHA512
f8691bb046cc8a36adc142c49186c1bae59088442d2b985c7992ea0b830f1b85cb24d766d8b402f3be4cebb6b7c8900c5b964470ed5241fa9d036851db0cffcf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads