cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe
Size

468KB
MD5

1519f916a3273031630bfddb934ddc0e
SHA1

c6eb959a0625bea5eebbec0984ac45919738018d
SHA256

cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5
SHA512

3795d63d1f4ac3030adb419c7048d73e931a0d99136666bd14e4136934ec8ab67be2f53960f6ab92ddd819a2e78109e724480f943ca53b2cecc4724bd8be0a8d
SSDEEP

3072:dqmCogKx128U2bY9Pz3yqf8/EChjyIplPmHxvlHUwJ0+1MuN4qlS:dqroLXU2+PDyqfX0cSwJDuuN4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3428	Unicorn-27030.exe
1704	Unicorn-27326.exe
3916	Unicorn-31004.exe
4468	Unicorn-2541.exe
1512	Unicorn-51742.exe
2704	Unicorn-45612.exe
1396	Unicorn-15540.exe
1732	Unicorn-13117.exe
4748	Unicorn-46101.exe
1896	Unicorn-54342.exe
2144	Unicorn-54342.exe
3228	Unicorn-38975.exe
3328	Unicorn-26308.exe
2120	Unicorn-34476.exe
4932	Unicorn-54342.exe
1628	Unicorn-50782.exe
2904	Unicorn-63781.exe
4152	Unicorn-18110.exe
4372	Unicorn-57228.exe
3536	Unicorn-41462.exe
2900	Unicorn-14004.exe
3304	Unicorn-15237.exe
3912	Unicorn-7069.exe
1960	Unicorn-48102.exe
2508	Unicorn-64438.exe
228	Unicorn-20068.exe
3068	Unicorn-64173.exe
2624	Unicorn-17083.exe
4412	Unicorn-20068.exe
3628	Unicorn-33803.exe
5088	Unicorn-15045.exe
4628	Unicorn-9373.exe
4236	Unicorn-14204.exe
1968	Unicorn-50214.exe
3412	Unicorn-39092.exe
3928	Unicorn-34262.exe
4960	Unicorn-60878.exe
672	Unicorn-36374.exe
2380	Unicorn-10908.exe
392	Unicorn-5355.exe
900	Unicorn-16316.exe
4448	Unicorn-44926.exe
388	Unicorn-27630.exe
5048	Unicorn-21307.exe
1164	Unicorn-32268.exe
4508	Unicorn-32268.exe
1736	Unicorn-35798.exe
3588	Unicorn-43966.exe
2260	Unicorn-33790.exe
4832	Unicorn-22092.exe
3860	Unicorn-38236.exe
3484	Unicorn-35828.exe
2792	Unicorn-25430.exe
8	Unicorn-58102.exe
4636	Unicorn-25165.exe
2904	Unicorn-17646.exe
916	Unicorn-1044.exe
4948	Unicorn-17075.exe
2876	Unicorn-42342.exe
1472	Unicorn-28043.exe
1476	Unicorn-22476.exe
2428	Unicorn-42342.exe
1252	Unicorn-1501.exe
744	Unicorn-10245.exe

Program crash 10 IoCs

pid	pid_target	Process	procid_target
1388	2904	WerFault.exe
15024	764	WerFault.exe	293
19080	15808	WerFault.exe
19176	15848	WerFault.exe
19156	15856	WerFault.exe
18868	16692	WerFault.exe	854
3892	17140	WerFault.exe	870
1564	13188	WerFault.exe	832
18792	6708	Process not Found	1221
8392	1716	Process not Found	1067

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5056	cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe
3428	Unicorn-27030.exe
1704	Unicorn-27326.exe
3916	Unicorn-31004.exe
4468	Unicorn-2541.exe
2704	Unicorn-45612.exe
1512	Unicorn-51742.exe
1396	Unicorn-15540.exe
1732	Unicorn-13117.exe
4748	Unicorn-46101.exe
1896	Unicorn-54342.exe
3328	Unicorn-26308.exe
4932	Unicorn-54342.exe
3228	Unicorn-38975.exe
2144	Unicorn-54342.exe
2120	Unicorn-34476.exe
1628	Unicorn-50782.exe
4152	Unicorn-18110.exe
4372	Unicorn-57228.exe
3536	Unicorn-41462.exe
2900	Unicorn-14004.exe
3304	Unicorn-15237.exe
1960	Unicorn-48102.exe
3912	Unicorn-7069.exe
2508	Unicorn-64438.exe
3068	Unicorn-64173.exe
228	Unicorn-20068.exe
5088	Unicorn-15045.exe
2624	Unicorn-17083.exe
4412	Unicorn-20068.exe
3628	Unicorn-33803.exe
4628	Unicorn-9373.exe
4236	Unicorn-14204.exe
1968	Unicorn-50214.exe
3412	Unicorn-39092.exe
3928	Unicorn-34262.exe
4960	Unicorn-60878.exe
672	Unicorn-36374.exe
2380	Unicorn-10908.exe
392	Unicorn-5355.exe
900	Unicorn-16316.exe
4448	Unicorn-44926.exe
388	Unicorn-27630.exe
5048	Unicorn-21307.exe
4508	Unicorn-32268.exe
3588	Unicorn-43966.exe
1164	Unicorn-32268.exe
1736	Unicorn-35798.exe
2792	Unicorn-25430.exe
2260	Unicorn-33790.exe
4832	Unicorn-22092.exe
3860	Unicorn-38236.exe
1476	Unicorn-22476.exe
2876	Unicorn-42342.exe
8	Unicorn-58102.exe
916	Unicorn-1044.exe
2904	Unicorn-17646.exe
4636	Unicorn-25165.exe
4948	Unicorn-17075.exe
1472	Unicorn-28043.exe
2428	Unicorn-42342.exe
1252	Unicorn-1501.exe
744	Unicorn-10245.exe
936	Unicorn-61484.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 3428	5056	cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe	92
PID 5056 wrote to memory of 3428	5056	cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe	92
PID 5056 wrote to memory of 3428	5056	cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe	92
PID 3428 wrote to memory of 1704	3428	Unicorn-27030.exe	94
PID 3428 wrote to memory of 1704	3428	Unicorn-27030.exe	94
PID 3428 wrote to memory of 1704	3428	Unicorn-27030.exe	94
PID 5056 wrote to memory of 3916	5056	cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe	95
PID 5056 wrote to memory of 3916	5056	cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe	95
PID 5056 wrote to memory of 3916	5056	cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe	95
PID 1704 wrote to memory of 4468	1704	Unicorn-27326.exe	98
PID 1704 wrote to memory of 4468	1704	Unicorn-27326.exe	98
PID 1704 wrote to memory of 4468	1704	Unicorn-27326.exe	98
PID 3916 wrote to memory of 1512	3916	Unicorn-31004.exe	100
PID 3916 wrote to memory of 1512	3916	Unicorn-31004.exe	100
PID 3916 wrote to memory of 1512	3916	Unicorn-31004.exe	100
PID 5056 wrote to memory of 2704	5056	cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe	99
PID 5056 wrote to memory of 2704	5056	cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe	99
PID 5056 wrote to memory of 2704	5056	cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe	99
PID 3428 wrote to memory of 1396	3428	Unicorn-27030.exe	101
PID 3428 wrote to memory of 1396	3428	Unicorn-27030.exe	101
PID 3428 wrote to memory of 1396	3428	Unicorn-27030.exe	101
PID 2704 wrote to memory of 1732	2704	Unicorn-45612.exe	102
PID 2704 wrote to memory of 1732	2704	Unicorn-45612.exe	102
PID 2704 wrote to memory of 1732	2704	Unicorn-45612.exe	102
PID 5056 wrote to memory of 4748	5056	cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe	103
PID 5056 wrote to memory of 4748	5056	cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe	103
PID 5056 wrote to memory of 4748	5056	cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe	103
PID 1512 wrote to memory of 1896	1512	Unicorn-51742.exe	104
PID 1512 wrote to memory of 1896	1512	Unicorn-51742.exe	104
PID 1512 wrote to memory of 1896	1512	Unicorn-51742.exe	104
PID 1396 wrote to memory of 2144	1396	Unicorn-15540.exe	106
PID 1396 wrote to memory of 2144	1396	Unicorn-15540.exe	106
PID 1396 wrote to memory of 2144	1396	Unicorn-15540.exe	106
PID 3428 wrote to memory of 3228	3428	Unicorn-27030.exe	105
PID 3428 wrote to memory of 3228	3428	Unicorn-27030.exe	105
PID 3428 wrote to memory of 3228	3428	Unicorn-27030.exe	105
PID 4468 wrote to memory of 4932	4468	Unicorn-2541.exe	108
PID 4468 wrote to memory of 4932	4468	Unicorn-2541.exe	108
PID 4468 wrote to memory of 4932	4468	Unicorn-2541.exe	108
PID 3916 wrote to memory of 3328	3916	Unicorn-31004.exe	109
PID 3916 wrote to memory of 3328	3916	Unicorn-31004.exe	109
PID 3916 wrote to memory of 3328	3916	Unicorn-31004.exe	109
PID 1704 wrote to memory of 2120	1704	Unicorn-27326.exe	107
PID 1704 wrote to memory of 2120	1704	Unicorn-27326.exe	107
PID 1704 wrote to memory of 2120	1704	Unicorn-27326.exe	107
PID 1732 wrote to memory of 1628	1732	Unicorn-13117.exe	110
PID 1732 wrote to memory of 1628	1732	Unicorn-13117.exe	110
PID 1732 wrote to memory of 1628	1732	Unicorn-13117.exe	110
PID 2704 wrote to memory of 2904	2704	Unicorn-45612.exe	153
PID 2704 wrote to memory of 2904	2704	Unicorn-45612.exe	153
PID 2704 wrote to memory of 2904	2704	Unicorn-45612.exe	153
PID 4748 wrote to memory of 4152	4748	Unicorn-46101.exe	112
PID 4748 wrote to memory of 4152	4748	Unicorn-46101.exe	112
PID 4748 wrote to memory of 4152	4748	Unicorn-46101.exe	112
PID 5056 wrote to memory of 4372	5056	cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe	113
PID 5056 wrote to memory of 4372	5056	cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe	113
PID 5056 wrote to memory of 4372	5056	cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe	113
PID 1896 wrote to memory of 3536	1896	Unicorn-54342.exe	115
PID 1896 wrote to memory of 3536	1896	Unicorn-54342.exe	115
PID 1896 wrote to memory of 3536	1896	Unicorn-54342.exe	115
PID 1512 wrote to memory of 2900	1512	Unicorn-51742.exe	118
PID 1512 wrote to memory of 2900	1512	Unicorn-51742.exe	118
PID 1512 wrote to memory of 2900	1512	Unicorn-51742.exe	118
PID 3228 wrote to memory of 3304	3228	Unicorn-38975.exe	119

C:\Users\Admin\AppData\Local\Temp\cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe
"C:\Users\Admin\AppData\Local\Temp\cd79a8369b09f531e7ddfc17d4298e0287feb758781bbaac221034aaa406b5c5.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27030.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27030.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27326.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2541.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54342.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64438.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17646.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        9⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        10⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
        11⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60669.exe
        10⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        10⤵
        
        PID:17544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17730.exe
        10⤵
        
        PID:16484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        10⤵
        
        PID:18420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        9⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        9⤵
        
        PID:17128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45845.exe
        8⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6525.exe
        9⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
        10⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        10⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
        9⤵
        
        PID:15800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe
        8⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        8⤵
        
        PID:17964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        8⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        9⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65395.exe
        9⤵
        
        PID:17588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
        9⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe
        8⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        8⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9730.exe
        8⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23285.exe
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11345.exe
        7⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53421.exe
        7⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        8⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        9⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        9⤵
        
        PID:19164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        8⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        8⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32433.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
        7⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
        8⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        7⤵
        
        PID:15968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13539.exe
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe
        7⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        8⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        9⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16938.exe
        9⤵
        
        PID:17132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
        8⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        7⤵
        
        PID:16156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        6⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        7⤵
        
        PID:12344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
        7⤵
        
        PID:17808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25275.exe
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        6⤵
        
        PID:16748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        6⤵
        
        PID:19152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        7⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
        8⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
        9⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
        9⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34066.exe
        9⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56141.exe
        8⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        8⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        8⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        8⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34515.exe
        7⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        7⤵
        
        PID:17980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45978.exe
        7⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7780.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
        7⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25550.exe
        8⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
        9⤵
        
        PID:16520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        8⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        7⤵
        
        PID:16488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50260.exe
        6⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        7⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
        7⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7025.exe
        7⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        7⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
        6⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1442.exe
        6⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-530.exe
        6⤵
        
        PID:18412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
        5⤵
        Executes dropped EXE
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21988.exe
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        6⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52830.exe
        7⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        8⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        8⤵
        
        PID:18172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50690.exe
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
        7⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        7⤵
        
        PID:17628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        7⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
        6⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        7⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16938.exe
        7⤵
        
        PID:17140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17140 -s 468
        8⤵
        Program crash
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        6⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        6⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
        6⤵
        
        PID:14268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34204.exe
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21091.exe
        5⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24354.exe
        5⤵
        
        PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14818.exe
        5⤵
        
        PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15045.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33790.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
        7⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        9⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
        10⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20396.exe
        9⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
        9⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        9⤵
        
        PID:17992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
        8⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        8⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25849.exe
        8⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
        8⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        8⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        8⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe
        7⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        7⤵
        
        PID:17712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        6⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58974.exe
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        8⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-882.exe
        8⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
        7⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
        7⤵
        
        PID:17956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42389.exe
        6⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
        7⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32964.exe
        6⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38236.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
        6⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
        7⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        8⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31718.exe
        9⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-410.exe
        9⤵
        
        PID:17088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38660.exe
        8⤵
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6770.exe
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        7⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        7⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        7⤵
        
        PID:16480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
        6⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        7⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 664
        7⤵
        Program crash
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23477.exe
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37961.exe
        6⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13347.exe
        5⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        6⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        7⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
        6⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
        6⤵
        
        PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
        5⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
        6⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        6⤵
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        5⤵
        
        PID:13324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
        7⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        8⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
        9⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        9⤵
        
        PID:18116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58635.exe
        8⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        7⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        7⤵
        
        PID:16456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35180.exe
        7⤵
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12876.exe
        6⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41694.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe
        8⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64603.exe
        8⤵
        
        PID:16652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
        7⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
        7⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32579.exe
        6⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        6⤵
        
        PID:15936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28085.exe
        6⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36036.exe
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60830.exe
        6⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52619.exe
        6⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        5⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
        5⤵
        
        PID:17436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1044.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53421.exe
        5⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3629.exe
        6⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        6⤵
        
        PID:12568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45178.exe
        6⤵
        
        PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55356.exe
        5⤵
        
        PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        5⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        5⤵
        
        PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18907.exe
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36494.exe
        5⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
        6⤵
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30425.exe
        6⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22900.exe
        5⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50602.exe
        5⤵
        
        PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19684.exe
      4⤵
      PID:9244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54342.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        9⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        10⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        10⤵
        
        PID:18180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        10⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
        9⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        9⤵
        
        PID:17536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
        9⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        8⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        8⤵
        
        PID:17920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe
        7⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28430.exe
        8⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15385.exe
        8⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45180.exe
        7⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        7⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        6⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        7⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
        8⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25580.exe
        7⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
        7⤵
        
        PID:15160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21427.exe
        6⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
        7⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
        7⤵
        
        PID:18352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
        7⤵
        
        PID:17772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        6⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22092.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46774.exe
        7⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        8⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        9⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5433.exe
        9⤵
        
        PID:17224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24820.exe
        8⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        8⤵
        
        PID:19388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        8⤵
        
        PID:18716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        7⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        7⤵
        
        PID:17972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
        6⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        7⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10011.exe
        6⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        6⤵
        
        PID:17948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54380.exe
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15830.exe
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        7⤵
        
        PID:736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19244.exe
        6⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29905.exe
        6⤵
        
        PID:15220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
        5⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3653.exe
        6⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51659.exe
        6⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60061.exe
        5⤵
        
        PID:13804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe
        7⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        8⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44986.exe
        8⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7324.exe
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        7⤵
        
        PID:15036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe
        6⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25796.exe
        7⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        6⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24308.exe
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        7⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
        6⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        6⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        5⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        6⤵
        
        PID:10480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        6⤵
        
        PID:14516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
        5⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38108.exe
        5⤵
        
        PID:17764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28043.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
        6⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        8⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        7⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
        7⤵
        
        PID:19164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
        6⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        6⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        5⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50469.exe
        6⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        7⤵
        
        PID:12440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        6⤵
        
        PID:16424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61708.exe
        5⤵
        
        PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        5⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
        5⤵
        
        PID:6264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60245.exe
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        5⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12669.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        6⤵
        
        PID:15904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        6⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        5⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        5⤵
        
        PID:10296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        5⤵
        
        PID:15848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15848 -s 412
        6⤵
        Program crash
        
        PID:19176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31891.exe
      4⤵
      PID:7440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
      4⤵
      PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11875.exe
      4⤵
      PID:18224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
      4⤵
      PID:1452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27630.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28310.exe
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44486.exe
        8⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
        8⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25108.exe
        7⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
        7⤵
        
        PID:18648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe
        6⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        7⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
        6⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        6⤵
        
        PID:16128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
        6⤵
        
        PID:456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25550.exe
        7⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
        7⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        7⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32433.exe
        7⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        7⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe
        6⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
        7⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        6⤵
        
        PID:16692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16692 -s 380
        7⤵
        Program crash
        
        PID:18868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
        6⤵
        
        PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1443.exe
        5⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        6⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe
        7⤵
        
        PID:16140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        6⤵
        
        PID:16720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        6⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3188.exe
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
        5⤵
        
        PID:15084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22254.exe
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60446.exe
        8⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14722.exe
        8⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
        7⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
        7⤵
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        6⤵
        
        PID:10964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        6⤵
        
        PID:17796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe
        5⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        6⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
        6⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
        5⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16938.exe
        6⤵
        
        PID:18236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3004.exe
        5⤵
        
        PID:13848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
        5⤵
        
        PID:15300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9466.exe
        5⤵
        
        PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe
      4⤵
      PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        5⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        6⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        7⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
        7⤵
        
        PID:17844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        6⤵
        
        PID:14036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
        5⤵
        
        PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        5⤵
        
        PID:10976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14324.exe
      4⤵
      PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        5⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45178.exe
        5⤵
        
        PID:1352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
      4⤵
      PID:10032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53421.exe
        5⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35534.exe
        6⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        7⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        6⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
        5⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        5⤵
        
        PID:15896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65341.exe
      4⤵
      PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        5⤵
        
        PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
        5⤵
        
        PID:12888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14707.exe
      4⤵
      PID:9076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
      4⤵
      PID:13852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
      4⤵
      PID:16196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
      4⤵
      PID:7968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17075.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46774.exe
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        6⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
        7⤵
        
        PID:18864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24820.exe
        6⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49058.exe
        6⤵
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
        6⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
        5⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        5⤵
        
        PID:12960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe
      4⤵
      PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        5⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
        5⤵
        
        PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53540.exe
      4⤵
      PID:9020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
      4⤵
      PID:14684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53628.exe
      4⤵
      PID:5404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42828.exe
    3⤵
    PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
      4⤵
      PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51126.exe
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
        5⤵
        
        PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
      4⤵
      PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
      4⤵
      PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
    3⤵
    PID:7836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53046.exe
      4⤵
      PID:14172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1979.exe
    3⤵
    PID:12164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51890.exe
    3⤵
    PID:16532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17723.exe
    3⤵
    PID:7604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31004.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31004.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51742.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54342.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41462.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4189.exe
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14381.exe
        8⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        9⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49398.exe
        10⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65395.exe
        10⤵
        
        PID:18428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
        10⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        10⤵
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57492.exe
        9⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        9⤵
        
        PID:17528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53821.exe
        8⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38726.exe
        9⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        9⤵
        
        PID:18124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        8⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        8⤵
        
        PID:17484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
        8⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47854.exe
        9⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        9⤵
        
        PID:19372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12612.exe
        8⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17041.exe
        8⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44204.exe
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
        8⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
        8⤵
        
        PID:17708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44892.exe
        7⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10618.exe
        7⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
        6⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
        7⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11989.exe
        8⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        9⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        9⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10010.exe
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51132.exe
        8⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        7⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        7⤵
        
        PID:15880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11619.exe
        6⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
        7⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        7⤵
        
        PID:17056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
        6⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
        6⤵
        
        PID:16244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
        6⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57142.exe
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        8⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
        9⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        9⤵
        
        PID:19280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe
        8⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        8⤵
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        7⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        7⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53628.exe
        7⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58237.exe
        6⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36494.exe
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        8⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        8⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
        7⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        7⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34066.exe
        7⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        6⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
        5⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43702.exe
        7⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        8⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
        8⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13188 -s 464
        9⤵
        Program crash
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        7⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        7⤵
        
        PID:16336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        6⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        7⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46570.exe
        7⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26236.exe
        6⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        6⤵
        
        PID:16472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38533.exe
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        6⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        6⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12483.exe
        5⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19659.exe
        5⤵
        
        PID:15864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36374.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60598.exe
        6⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13997.exe
        7⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50422.exe
        8⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
        9⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        10⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16938.exe
        10⤵
        
        PID:17148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        9⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
        8⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
        8⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        8⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
        8⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        7⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        8⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
        8⤵
        
        PID:18364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        7⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        7⤵
        
        PID:17412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
        7⤵
        
        PID:19004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        6⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        7⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        8⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
        8⤵
        
        PID:16260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52309.exe
        7⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        7⤵
        
        PID:16296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34066.exe
        7⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15283.exe
        6⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
        7⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
        7⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
        7⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        6⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        6⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65045.exe
        5⤵
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
        6⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43702.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9398.exe
        8⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        7⤵
        
        PID:17212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        6⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        6⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2315.exe
        6⤵
        
        PID:17692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        6⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44986.exe
        6⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50690.exe
        6⤵
        
        PID:19080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        6⤵
        
        PID:18872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34709.exe
        5⤵
        
        PID:10236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        6⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        6⤵
        
        PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60598.exe
        5⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30334.exe
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59846.exe
        7⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
        8⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
        7⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
        6⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        6⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43702.exe
        6⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
        7⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        6⤵
        
        PID:13468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
        5⤵
        
        PID:9424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        6⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
        6⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        5⤵
        
        PID:15952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32964.exe
        5⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
        5⤵
        
        PID:16440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19108.exe
      4⤵
      PID:796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        6⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
        6⤵
        
        PID:14696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        5⤵
        
        PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        5⤵
        
        PID:15856
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15856 -s 408
        6⤵
        Program crash
        
        PID:19156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31123.exe
      4⤵
      PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        5⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
        5⤵
        
        PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
      4⤵
      PID:11616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18507.exe
      4⤵
      PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28466.exe
      4⤵
      PID:14988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48102.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44926.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11205.exe
        6⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29950.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36494.exe
        8⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        9⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59211.exe
        8⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        7⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        7⤵
        
        PID:15808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15808 -s 408
        8⤵
        Program crash
        
        PID:19080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58237.exe
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        7⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        7⤵
        
        PID:13520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
        6⤵
        
        PID:14400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48709.exe
        5⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54646.exe
        6⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52830.exe
        7⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
        8⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe
        8⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        7⤵
        
        PID:13308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-780.exe
        6⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        6⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32667.exe
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        6⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7431.exe
        7⤵
        
        PID:13432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        6⤵
        
        PID:13820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        6⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
        5⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
        5⤵
        
        PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        6⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
        7⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        7⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        6⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27867.exe
        5⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
        6⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26681.exe
        6⤵
        
        PID:18412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14156.exe
        5⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        5⤵
        
        PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        6⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
        7⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        7⤵
        
        PID:17556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        7⤵
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        6⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        5⤵
        
        PID:16504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        5⤵
        
        PID:18524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
        5⤵
        
        PID:6860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
      4⤵
      PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        5⤵
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
        5⤵
        
        PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48436.exe
      4⤵
      PID:11416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1442.exe
      4⤵
      PID:13164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
      4⤵
      PID:19156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33803.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58102.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:8
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3925.exe
        7⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15385.exe
        7⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        6⤵
        
        PID:17928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37292.exe
        5⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        6⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        6⤵
        
        PID:17692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        5⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        5⤵
        
        PID:19212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7972.exe
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        6⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
        7⤵
        
        PID:14016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        6⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
        6⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        5⤵
        
        PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        5⤵
        
        PID:16464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43244.exe
      4⤵
      PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        5⤵
        
        PID:18164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56525.exe
      4⤵
      PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
      4⤵
      PID:16632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
      4⤵
      PID:3576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        6⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        6⤵
        
        PID:15988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
        5⤵
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26643.exe
        5⤵
        
        PID:12940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
      4⤵
      PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45150.exe
        5⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        5⤵
        
        PID:16736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe
      4⤵
      PID:9280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36627.exe
      4⤵
      PID:14468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34604.exe
      4⤵
      PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
      4⤵
      PID:7344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe
    3⤵
    PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36494.exe
      4⤵
      PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        5⤵
        
        PID:12352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22900.exe
      4⤵
      PID:12832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60909.exe
    3⤵
    PID:9072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
    3⤵
    PID:15836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe
    3⤵
    PID:5236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50782.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1501.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
        7⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
        9⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        8⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        8⤵
        
        PID:17512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe
        7⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        8⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19761.exe
        8⤵
        
        PID:19052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
        7⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        7⤵
        
        PID:17492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31900.exe
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46613.exe
        7⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        7⤵
        
        PID:17520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44204.exe
        6⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
        7⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10420.exe
        7⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31645.exe
        6⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55917.exe
        5⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21014.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16894.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        8⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        8⤵
        
        PID:15888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40764.exe
        7⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52564.exe
        8⤵
        
        PID:16100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62091.exe
        7⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
        7⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46717.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        6⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46788.exe
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        6⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55070.exe
        7⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
        6⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41901.exe
        5⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        6⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        6⤵
        
        PID:18132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38164.exe
        5⤵
        
        PID:12052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
        5⤵
        
        PID:17444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        5⤵
        
        PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
        6⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17942.exe
        7⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        8⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35844.exe
        9⤵
        
        PID:15368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48058.exe
        8⤵
        
        PID:15308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
        7⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37292.exe
        6⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14997.exe
        7⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        7⤵
        
        PID:17620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
        6⤵
        
        PID:17100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35169.exe
        6⤵
        
        PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28326.exe
        6⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        7⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
        7⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        6⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        5⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
        5⤵
        
        PID:16116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
        5⤵
        
        PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12653.exe
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
        7⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        7⤵
        
        PID:18140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
        6⤵
        
        PID:10396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        6⤵
        
        PID:16616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53821.exe
        5⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        6⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        5⤵
        
        PID:11528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        5⤵
        
        PID:17504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49393.exe
        5⤵
        
        PID:7860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        5⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23166.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
        6⤵
        
        PID:17672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
        5⤵
        
        PID:12852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        5⤵
        
        PID:14376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
      4⤵
      PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        5⤵
        
        PID:10388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        5⤵
        
        PID:18156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe
        5⤵
        
        PID:17588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
      4⤵
      PID:12308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
      4⤵
      PID:17452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
      4⤵
      PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4730.exe
      4⤵
      PID:17876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63781.exe
    3⤵
    - Executes dropped EXE
    PID:2904
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 220
      4⤵
      Program crash
      PID:1388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21307.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        6⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
        6⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        5⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
        5⤵
        
        PID:14340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
        5⤵
        
        PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
      4⤵
      PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
        5⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        6⤵
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        6⤵
        
        PID:18100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        5⤵
        
        PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
      4⤵
      PID:10164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
      4⤵
      PID:15232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
      4⤵
      PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60540.exe
      4⤵
      PID:18440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
      4⤵
      PID:17512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
    3⤵
    PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
      4⤵
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        5⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        6⤵
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        6⤵
        
        PID:18864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28515.exe
        6⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        5⤵
        
        PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
      4⤵
      PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
      4⤵
      PID:16148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
    3⤵
    PID:7704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
      4⤵
      PID:10932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48236.exe
    3⤵
    PID:11384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe
    3⤵
    PID:16276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
    3⤵
    PID:5368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
    3⤵
    PID:16196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18110.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        5⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29566.exe
        6⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        7⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
        8⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25796.exe
        8⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        7⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46612.exe
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51261.exe
        6⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        6⤵
        
        PID:15944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
        6⤵
        
        PID:16060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57365.exe
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
        6⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
        7⤵
        
        PID:17772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        6⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
        6⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24659.exe
        6⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58474.exe
        6⤵
        
        PID:16508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51028.exe
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        6⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31453.exe
        5⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        5⤵
        
        PID:19368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6716.exe
      4⤵
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        7⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
        6⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        6⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        6⤵
        
        PID:18104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        6⤵
        
        PID:404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28075.exe
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        5⤵
        
        PID:16760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47172.exe
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        6⤵
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
        5⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
        5⤵
        
        PID:17732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53908.exe
        5⤵
        
        PID:17356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9508.exe
      4⤵
      PID:10228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9851.exe
      4⤵
      PID:380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13666.exe
      4⤵
      PID:6308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12165.exe
      4⤵
      PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        6⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        7⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        6⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        5⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
        6⤵
        
        PID:16584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1348.exe
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
        5⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
        5⤵
        
        PID:15444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41604.exe
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20158.exe
        5⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7431.exe
        6⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7017.exe
        5⤵
        
        PID:17860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
      4⤵
      PID:9356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
      4⤵
      PID:15776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe
    3⤵
    PID:668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
        5⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        6⤵
        
        PID:12472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
        6⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        5⤵
        
        PID:17464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57753.exe
        5⤵
        
        PID:18408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
      4⤵
      PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2501.exe
        5⤵
        
        PID:13740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61842.exe
        5⤵
        
        PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35284.exe
      4⤵
      PID:12044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
      4⤵
      PID:17020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53037.exe
    3⤵
    PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
      4⤵
      PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
        5⤵
        
        PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57492.exe
      4⤵
      PID:12260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
      4⤵
      PID:17472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7387.exe
    3⤵
    PID:7648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
    3⤵
    PID:12200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38492.exe
    3⤵
    PID:17284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34262.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20142.exe
      4⤵
      PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        5⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26302.exe
        6⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        7⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        7⤵
        
        PID:15912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55074.exe
        6⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe
        5⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37852.exe
        6⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
        5⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        5⤵
        
        PID:16020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41604.exe
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42638.exe
        5⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        6⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24236.exe
        5⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
        6⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
        6⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
        6⤵
        
        PID:19256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
        5⤵
        
        PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42389.exe
      4⤵
      PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47854.exe
        5⤵
        
        PID:10840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
      4⤵
      PID:12108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51987.exe
      4⤵
      PID:17036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49477.exe
    3⤵
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
      4⤵
      PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63333.exe
        5⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
        6⤵
        
        PID:13976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
        5⤵
        
        PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
      4⤵
      PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6245.exe
        5⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63508.exe
        5⤵
        
        PID:16840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8291.exe
      4⤵
      PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29523.exe
      4⤵
      PID:17636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22091.exe
    3⤵
    PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42446.exe
      4⤵
      PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        5⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe
        5⤵
        
        PID:16988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
      4⤵
      PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
      4⤵
      PID:16708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
      4⤵
      PID:7068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
    3⤵
    PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
      4⤵
      PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
      4⤵
      PID:18148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
    3⤵
    PID:11552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29786.exe
    3⤵
    PID:17580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49197.exe
    3⤵
    PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1797.exe
      4⤵
      PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
        5⤵
        
        PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53346.exe
        5⤵
        
        PID:13456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50690.exe
        5⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        5⤵
        
        PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7324.exe
      4⤵
      PID:9236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20730.exe
      4⤵
      PID:15120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
    3⤵
    PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
      4⤵
      PID:12424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16170.exe
      4⤵
      PID:15212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51178.exe
      4⤵
      PID:6284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31837.exe
    3⤵
    PID:11776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46322.exe
    3⤵
    PID:17184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5865.exe
    3⤵
    PID:5240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
  2⤵
  PID:1924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
    3⤵
    PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52254.exe
      4⤵
      PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        5⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9626.exe
        5⤵
        
        PID:15320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
      4⤵
      PID:13484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32876.exe
    3⤵
    PID:9536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1348.exe
    3⤵
    PID:13360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44419.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44419.exe
  2⤵
  PID:7256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
    3⤵
    PID:10544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
    3⤵
    PID:14484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
  2⤵
  PID:10212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
  2⤵
  PID:15264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61226.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61226.exe
  2⤵
  PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2904 -ip 2904
1⤵
PID:2992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 764 -ip 764
1⤵
PID:14976

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:15168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 15808 -ip 15808
1⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 15856 -ip 15856
1⤵
PID:18496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 15848 -ip 15848
1⤵
PID:18740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 15872 -ip 15872
1⤵
PID:18864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 15880 -ip 15880
1⤵
PID:18992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 15980 -ip 15980
1⤵
PID:19040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 15384 -ip 15384
1⤵
PID:19056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 16424 -ip 16424
1⤵
PID:19088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 16440 -ip 16440
1⤵
PID:19100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 16432 -ip 16432
1⤵
PID:19116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 16448 -ip 16448
1⤵
PID:19136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 16456 -ip 16456
1⤵
PID:19164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 16472 -ip 16472
1⤵
PID:19224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 16464 -ip 16464
1⤵
PID:19232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 16480 -ip 16480
1⤵
PID:19244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 16488 -ip 16488
1⤵
PID:19296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 16504 -ip 16504
1⤵
PID:19304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 16568 -ip 16568
1⤵
PID:19336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 16060 -ip 16060
1⤵
PID:19364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 17212 -ip 17212
1⤵
PID:19376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe

Filesize
468KB

MD5
ffc75f0d5d78c1f8750e23b0ca7fa15a

SHA1
4a7ac8382e333be646ff7ede1e64131b4e130d3b

SHA256
1a74ee6e7e398fde3ddf5a8a16b967a4eb55bfcc432b76dc584d5404527b6395

SHA512
ed561277131f3c64641002111f0f09665a4c1ac8f28fcda20a855d669d3b0ba9c65c7a37c710ab76f20e91db7fc55232945e1a3523118266f6c56d9ebe795b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe

Filesize
468KB

MD5
3198dfdf366433d5b69b973b167cf6d3

SHA1
175ab9b03dc90f1aec3a7dce9b3b4b4005eb33d7

SHA256
5a677cd1fb14902a9c46146176ffefa6d8ff0b818514462e1cc72edd17be7227

SHA512
5594a141331de8ababac9f4774d1e7f2a6926b97853e7eb74ec708f2b92bf18f19cb9e0afec3e1372e0826f590ed1bca31dddaa84d620af5536819c79e9d7061

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe

Filesize
468KB

MD5
4ba328da6a727881ce70740ea389314f

SHA1
707bfc60aadf6e65606a5ec0b8ee261f4e213c46

SHA256
8844a21f1ce59d26ded4e33ba548838bbea01f683975dcf2cc1e3882e8e5d1de

SHA512
5a46c97d749d68543aa7801a28e4881793e14911418d50a8b52d003f0a98b35032ab99b9f06a7cc29faace9e0d105adb6015a2b8d9e394064041b0609ec1f890

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15045.exe

Filesize
468KB

MD5
196eb60f7850b5e0e7fb04885c307d39

SHA1
812db096a21ddc879fb186cca30f7e95f8535434

SHA256
8de0d268371f13f180fbf24ac13bad27758b8cab12d396c20e878e11408d9894

SHA512
c850f52fb650f32f44802622e2838200f77ac3cf1eb59f3243c6068cec92187f711a375e29396fb524b672d8b30bb0679e7f2ae92908f7c8c36facd2bbd519ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe

Filesize
468KB

MD5
03a8b8b0ce7dc94098b7471cce6def21

SHA1
27de7fdd99aad6bee376a92f6f68dd21dfafab22

SHA256
e0bf5c19f993f0f1bbabd96be5a3bdaa236dbd4228b3c836dcc5779f6045bc6d

SHA512
0aa84887e6b90bc428639d1fa5ebea7ca6abf7ae6ef91cb603a8bf14cc8ffff390c9abb5852ddf5efc6f3dcaab379f04df4b76eca24bf76e79badd5a872bb433

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe

Filesize
468KB

MD5
50362b12ac274c3e1d1e5d6d735ae777

SHA1
b31928e1cde4a7208a06592fe75b93a5430a76a2

SHA256
b1fbc0c8683c5c12c158005974430288e9c6e769ba20321af100e028beec526e

SHA512
09d9394637e5e4c7594e3c5af700b9d87ab6f0ba003daaed52ddcc79abca24efdaa2598cb6874a3a16f76ccefd4d6859a29434faeb0871e442b4dcd1cdb50a0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe

Filesize
468KB

MD5
fd878e1421e209bc68aeaeb13dc6b687

SHA1
a2662a97e504b6a9d78683b5cafc6070bcdb1b3e

SHA256
d7e28f3e6483b46967ca710d308e2b1d45fc69373fd069833218e50d84c864cf

SHA512
a6541167f00b7d523ea8f0b452669a0df912d49b5e2ce855cc280cafa773996e2b8d514b5bbcd526134851add82637b033359654b0e692d23aab0e1764f416f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18110.exe

Filesize
468KB

MD5
c8f154c13e51936c1bfbf15e32628764

SHA1
5eaf7b4d1f522f13c77733a8e96e4efc7396f6c7

SHA256
8bb23c6af54adfad40afb5b721434ad64571fc3638e38106a4d98b44b65b022f

SHA512
41bf41919c8a9aae08af1c0de1a598c811eb64c9303c51444182cf9aaa5cdd33891f80539d0792d30097f4dab3a34b7a283a0e29993f77b6feefe74a051b3c94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe

Filesize
468KB

MD5
d5a2d395c0c62be6156114ece23b58a8

SHA1
59dae6ccf920fc900b0319e86c4bc9974de34f98

SHA256
2c2efdb35041a5c1b5f15d40714e36f0b1bab8e481ea3beb228ffce95e68bf52

SHA512
a147398592c1dd28624cca6cc7eb6dd8e793b22b0b02e51c61950409c3e5cd9025b0dc9f13d4cf214c8028ad06e70d23927b83367598e5e420338740996d4f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2541.exe

Filesize
468KB

MD5
b1366309ff46e7902e7c3acc58ebd9e5

SHA1
1a0ca2290eee8e8b2248038b911740750d56989b

SHA256
c5f2d040fe0ce29e0537fde182ef8a47daf92d1fc0066f5d74349b0bcbebdf9f

SHA512
df4419218a9bfe554fd7d4525f63644fb0ae1dedf3c8aecb9e7eb6cde70122c922887787310b91c59e7e629f709edae56c2f8ee6d0d309fc9e69ce80604b3d9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe

Filesize
468KB

MD5
3fc0f8e062e6f63004a9da15669f49a1

SHA1
47cd18a5d92cb8c74aec94a9ccb5263dc7e46004

SHA256
9f6dfdda00816737b57f0a9cf31afd9bce4e10430166d6abfa56d59ab1d87558

SHA512
a31b95bb750205ba83417db6a47fbaff37406f25e08b659eb2e60a500e465d9ecb386e830e98f0f80b7fd84fff85788a2010df1d2bc5035949ac64b69ecbf425

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27030.exe

Filesize
468KB

MD5
2df8bf651da798d79c208c1d392285b4

SHA1
dee7bddcade2f7960954e50eb92778e9e7691cdb

SHA256
e41e8e70c6d8dd30ced900df3e6a947e95238b203ce37edb5cd3d5070ead5ec8

SHA512
550e46c5c7815378a63cfa0596adbef485f99d56fc04ec6bcd44a54c73c67f3fec2c096b18027d560173ac103cf2918b2528ce0a8c2b6d523697cc59dde9699f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe

Filesize
468KB

MD5
aafe2177f5b9a3054ec15301e623bbdc

SHA1
c9b2333c1a0c95b70b85368bc7b75b0df8af80c9

SHA256
f1476bc8b157d2934bb275345f7bec3b998b0952dc7b110f324b50af7d56852a

SHA512
b31d78edd60f519fc02130d272d09358564f1fdf24b905eb294671ee190ad104fcdc8513bb4467ffb0e983ba16f3f5ff214c78402716958256a12f69815af2d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27326.exe

Filesize
468KB

MD5
9b879b2bbdda93cef606da0f6c150a57

SHA1
61361355645d2fb3f12f7710eabe2234a7c68cb5

SHA256
577b7cd012b0f38599ffea73601e16f0233af988b97a26b74ee095c6a6f977c2

SHA512
c34564595478e4e9ad0e3dd9fb8786f407dc63ec0f306474e7ae3e51f39466e9740d470ae173a5ebce2b035219a1116b960e526b59191750fa1ec0ce98e84a1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31004.exe

Filesize
468KB

MD5
0acba5a3dfb48c4172e313e3c38e0725

SHA1
b6d2f1529916fb3743f84e6cc8e3281bc676f0a9

SHA256
b0dbb13e4b62576f2653325dfae22bd27104ab16f004903175bdb3aa170f1352

SHA512
257fb23a58f39aed905c5f1e6f9efa46e824e46f293a35c10878417f6d2b556c119cb251abf0fd5f038ca900ac12fca79d5e4c896f0b9056aa463e85c45ac369

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33803.exe

Filesize
468KB

MD5
568e99e8d5722f0dc6dfc20a93a4d671

SHA1
0c2e6485fbc2e1c69a162756650e87abb7dccd43

SHA256
7f9cfff999323d7fcb04ef7ab44fa61cc17457d8ce163906932ed69187115b7d

SHA512
8008b24170d53e994ac2d37c697be85cace694a4879c2b06232d3d71db366aaaae9af21d91f505c09bac6a38562afb1eee08a23e19f64df93bc9596d0f44274e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe

Filesize
468KB

MD5
fd9ff159e1fafa21801cb671990f8ac5

SHA1
22166d4c8d500caf2ea68bf51b414d049bb45a5b

SHA256
fa42b03c5355e2f3c351052a5440236ece57ac63d0e06e3059c06f5ef0688a60

SHA512
8081cede58f9cacd8472cd67e8136723c45a77f3e68ca74bc26437d93660f1a93610ddbeb32ad760625d41bfdee4e57d99372d382ddeefa2ab610f75facaa169

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe

Filesize
468KB

MD5
01d8c810bea5a19bc2991ffdd731c9b0

SHA1
029ae1ec3c8639f023a07b260b2b9eda5dc4fa6c

SHA256
bac6c80780ea9bb5fe3410cee07cbe041f2c739fb09ed593096f904bafd52d1f

SHA512
2e0be411d67f9b1ebd3ee552f92e823dd1fc6e235cc39a25b66729bfef80086c37bef4262c542a9a159a6926226ee0702115f8826aec410c295ac3d65074bba2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41462.exe

Filesize
468KB

MD5
a6e0bd17ad6938d0af806ef90d8424c3

SHA1
7cc075de9ec89a1686f8d4e0b2a9055e57754d42

SHA256
27f9a7e6bc6c383ae838f8454067613dc11fc21a4ff05df097fe97ccff90baf4

SHA512
b44b9a88496483c3c8ec19bd5c52b207f7daee99aa8181f991985c727c20579cc5ddee90cf47f6d2e2c7192ca886ecd100e169e1525a0b77839b4ee2231f2a34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe

Filesize
468KB

MD5
938aff85e3bf440e737c5ea71ef75910

SHA1
a7a7f8210289092e5a5d73f33a34eab97875c05b

SHA256
5da2b5966573eb130b3b8e78790c9b6885e8252055184ce1d57cbe07c7a8ee1c

SHA512
7c471b4989b4c2df514c7d031db33d257b80cfcd43b570829c724076f5e4d27b4c4fad816ba5284da9ffdf251906c214241123995b2e617a0c227efc1fd64e09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe

Filesize
468KB

MD5
4b2c6bc296a9c23d1452061d2069228c

SHA1
128908f97fe585fb0ddc1b002993e09fc042ba3e

SHA256
9b96d01c868157384293a93649a54449555c60fcc260a6d7536d452a8f57eadf

SHA512
77b7e6f1ce2614b31f7f82e1c59a08f1aa4d9f260803eacf943ef00d237fbb0793923af6bd96d39e24cd94a9ab2c6a327cd4b4155b55cdfabf0cb40515464d54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe

Filesize
468KB

MD5
f4f67819078cfe4cd46c86ab6ec5ce52

SHA1
b9cdfc1c0e0fe96bd406bf183505323fdf1f31c9

SHA256
f739ee4b1224e15f74935959f06e5e5e9bd12ee595da0edad45b88cea2bd3cf8

SHA512
4d79d3d7af56f6552df497975eb88bf1e7533de63d1993f7e861ccc32eb54fdce4afcfadbed2704db83f02aca6b756fc14d578fa15a5bfc5ae880cc27d5d4c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48102.exe

Filesize
468KB

MD5
7b7bcf1da3ee339f42eae37069515e84

SHA1
6fcc5438c52bd69322b06def1f2d3d77a3803569

SHA256
85b36918da8839e97fa79392f3ba469673a560317531f2962668f1d1623d16a1

SHA512
9a6beafc04d05688e1b525f45c129a93c27b94971b02400b022bba5e487907869f6d3b8cac6af4ada39edf7bc358f695218045383e86dc10e749a6c9ceca2e16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe

Filesize
468KB

MD5
904d04a63434a66cfff4d77d80307520

SHA1
5b35dd32c4d5dca8e81601c799a5c90d4e791ec3

SHA256
50a92e5f41496c4b2268e56ae93985205fb752d1eb03a236ed8d790e1a9a35f1

SHA512
2d9a86f1b70fed11b2594ec1637d1d48e9b39103ea46e808ea64643b6b461138d1e190ec85f873b2ebb77177b4373cf6e005c54b514124d45b1039e285a11fef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50782.exe

Filesize
468KB

MD5
6908ac02d2494dc4954369d080288bff

SHA1
186b9767c42b5e77567ee42f77fe1c67d4d64455

SHA256
b8421385809ff67ab4152feccf2e395416bb26dcf83781b88365a075671d3a72

SHA512
c3e74bf9315505690d8b454c26f802066d6a2067e4dfbb8aa01283fece9da821123b217f73ec9ecfc4772c6438cf4d1b4fcfba9549a5bb810cadcfe702a024d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51742.exe

Filesize
468KB

MD5
c55f0bfa4eccf55dad32aa961c1f0352

SHA1
31ca280c0c532aeeb94cfa5f85b07488bb4e2cb0

SHA256
3e547a79e72e0af0befc108b79a96d4491df2fc7cd7f2a40385084e9e0287e7d

SHA512
ccb15d88968502c2066ef14c1beb4290e1149c467ad24614758c9e38db134452b9fc9c80b9e56083954716d6e6f8e7c730957fd0f1bb0b8cac7de4b7b18a1354

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54342.exe

Filesize
468KB

MD5
2c7a86fb9a091f7f9665e61ec129c498

SHA1
7063018233e2193f26b844c7296f0c1c60bc6498

SHA256
d14301ace34d127baa464d25dee2adde0c8c7916f545333e8f07468201c9eac3

SHA512
5c792018359c01316a4ccd067749ac5f9259895d72869c1075e49d2694f8025e1b3864edff9ba354b03dcb5a9e4e942e99a56421ee3d1de3fb3facc1725fd66b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe

Filesize
468KB

MD5
802901e4d33ded81ac6a4849f771e162

SHA1
07d7c67a04bbe6211c88d2ae18377028e56e425b

SHA256
df8e9b5f37d8ab697be346308862ffab8a0f40b66f8cc5ccdd36cde7792606bd

SHA512
ff79c1162d98a7c50881faca4f7a27e2cc6ed62c20900a153fb22da3eb25f85e0fbb07323158bf3be053be30f63976eabf4a55a331a3c0273a6d26ed55be4367

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe

Filesize
468KB

MD5
fed1dda0c3c96ad3bcbef7bd12259449

SHA1
68896a9a405833471e0a41c1d59670960c395b28

SHA256
aae0b93b265aeda84888d72c48d07c56e244c2576982dc74abb474c43a286c94

SHA512
a9a7ee19efc2ecc03a2d19214d5c7e8f836674ce4a7c03e02b91ce036e227b285416256c76b6458a68bb2e3521051e5f707b7feecea44facd22594b4be32309a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63781.exe

Filesize
468KB

MD5
c39344cede2d515c9ada82957e74f3c2

SHA1
bcfdcd2bb7726113857088f38e0cf25d157e59c9

SHA256
6c823ef729096c0115a0faf2ae381c7fa73296db191a26cfdda11839607944a5

SHA512
7003c49e92e415b01bba2cd58329525145eeb577883b829e8e31ce37ea5496c15cc1b5061baca1222a1051ea9f69c39ee763cb25d4457566d30a798a65d028c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe

Filesize
468KB

MD5
950a8fc76687ed8fba0a2e36629b113d

SHA1
b5d17c2c1ac18dbaa73eb4d29b6a407ce3585f90

SHA256
16a090b85941fe3e7048b45318b29b8a3810ab19e4ab3599cacf6d0a1c070efe

SHA512
7f0b9c473b82e7ff79a28fae23d72a16b96081a55fe684dbcab574b5896a8dfa6576cebfa99100433f4e86c3f2956d69e48538d064e52f31996035e5b2c524ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64438.exe

Filesize
468KB

MD5
017527d3e84279ab161e9018aff345ba

SHA1
265ace4813b140c0489bb893314c6747070fb10b

SHA256
6658bc6c9cf735c9a8c114c90ad60ace811ef1f47b529a4835c98b7f751eb6f0

SHA512
42f75388a1a0265722627e8747a5a17268b918778ec6ec06379ab141f646f8837aba2301be4f0012a8d101c65acd26584961c19e8704656fe6e9f40707795dcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe

Filesize
468KB

MD5
002e69831038c14a763911a04dc89670

SHA1
671d5b5d6ca8bff40a803981b86ecd403515c5e7

SHA256
ada351f8423aca5f1f00bfc6d4c377aaaef78810cbe3b22d3736877108b304ac

SHA512
86e3ec98c8de77df243b6a750a561faff1c010eea83693def2f424b75a7c945088cea303509f13159246188183788010afa55e65ff8c732741964c619e49c22d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe

Filesize
468KB

MD5
fd76b2c3bf2cf16b13cfa818957ac7bb

SHA1
af86fa980acaecf56c3678e19baacfa7b9418fa1

SHA256
4bbe1efcbc18fce12a3aea683cf7e916d5753056cd1a10de0705a3ffe297f050

SHA512
3e7034300b54962aed69707f9afcab2e70adb468a6bab008c745df605787e45d325ae99b4d1bdcb48cd4f99d1dd285a3622c8aef10688713cecd39b7ba123b54

Download Submit
memory/8-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/228-176-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/336-3965-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/388-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/392-254-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/668-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/672-243-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/744-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/796-451-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/900-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/916-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/936-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1164-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1252-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1396-47-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1472-350-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1476-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1512-40-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1524-428-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1628-103-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1704-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1704-2955-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1732-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1736-281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1896-75-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1896-4496-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1924-459-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1960-164-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1964-4240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1968-222-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2060-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2080-4260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2120-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2176-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2260-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2316-460-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2380-244-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2428-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2508-165-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2624-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2704-41-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2704-2959-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2792-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2868-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2876-349-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2900-136-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2904-117-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2904-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2952-462-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3024-455-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3068-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3228-77-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3304-149-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3328-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3400-443-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3412-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3428-7-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3484-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3536-128-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3588-293-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3628-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3860-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3896-419-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3912-163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3916-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3928-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4112-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4116-2976-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4152-118-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4236-216-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4368-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4372-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4412-187-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4448-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4456-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4468-2958-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4468-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4628-209-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4636-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4736-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4748-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4820-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4832-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4948-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4960-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5048-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5056-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5088-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5160-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5176-479-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5188-4211-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5264-4547-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5276-481-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5296-482-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5440-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5448-491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5488-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5508-540-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5516-500-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5588-542-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5596-509-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5608-505-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5668-543-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5700-546-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5728-4543-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5764-544-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5796-545-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5864-3878-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6688-4491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/7488-4310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/7604-3938-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/8056-4487-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/8064-4489-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/8364-4486-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/8732-4492-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/12756-4887-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17036-3802-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17416-4490-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17580-3866-0x0000000075470000-0x00000000754E5000-memory.dmp

Filesize
468KB

Download
memory/17796-4162-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17956-3876-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/18560-4783-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads