2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d

Analysis

max time kernel
150s
max time network
66s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe
Size

468KB
MD5

06ab1cea8c51693b3927baad37b675f7
SHA1

edbc6333e38b00cd08caee3ee605d432d514b57b
SHA256

2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d
SHA512

70bca6ec8a6a45c2f5a888216138cfb6a01366bd3fac7ab87cea9633c8effd4ccf7d218283fb9c462d82fcffc3718ad049f07e5976b14dab1a6d60e53249d17d
SSDEEP

3072:tPoDog+dj08U2bYkPzxjff8/ECojtIpFnmHevVptPkZ3nRk+kSlS:tPgoB5U23PtjffH0DlPkhRk+k

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2440	Unicorn-15538.exe
4820	Unicorn-61615.exe
2084	Unicorn-54002.exe
4884	Unicorn-11428.exe
4952	Unicorn-1214.exe
4300	Unicorn-32595.exe
1176	Unicorn-52461.exe
1324	Unicorn-39799.exe
4776	Unicorn-65050.exe
2080	Unicorn-62357.exe
3316	Unicorn-58173.exe
4548	Unicorn-64303.exe
2488	Unicorn-64038.exe
3836	Unicorn-44438.exe
508	Unicorn-4749.exe
776	Unicorn-61371.exe
4184	Unicorn-473.exe
1616	Unicorn-39389.exe
3484	Unicorn-494.exe
764	Unicorn-40765.exe
4796	Unicorn-43565.exe
1940	Unicorn-32902.exe
3172	Unicorn-2440.exe
2376	Unicorn-14692.exe
2340	Unicorn-1049.exe
1924	Unicorn-29083.exe
1936	Unicorn-2340.exe
3788	Unicorn-54142.exe
4116	Unicorn-8470.exe
700	Unicorn-59472.exe
2860	Unicorn-1126.exe
1512	Unicorn-2980.exe
4316	Unicorn-44568.exe
1752	Unicorn-54895.exe
2908	Unicorn-61017.exe
4180	Unicorn-55279.exe
4436	Unicorn-603.exe
3668	Unicorn-1802.exe
4368	Unicorn-13285.exe
5048	Unicorn-51003.exe
3952	Unicorn-56768.exe
2992	Unicorn-57033.exe
4816	Unicorn-65201.exe
1772	Unicorn-20831.exe
3560	Unicorn-12008.exe
5056	Unicorn-29021.exe
3096	Unicorn-2378.exe
2936	Unicorn-43411.exe
4292	Unicorn-43411.exe
3828	Unicorn-39327.exe
4544	Unicorn-19461.exe
4588	Unicorn-27629.exe
2124	Unicorn-27629.exe
112	Unicorn-61428.exe
4080	Unicorn-55563.exe
2856	Unicorn-52763.exe
3120	Unicorn-62440.exe
656	Unicorn-37573.exe
2368	Unicorn-43795.exe
1008	Unicorn-39711.exe
5008	Unicorn-50380.exe
4048	Unicorn-624.exe
1944	Unicorn-47779.exe
4992	Unicorn-46296.exe

Program crash 17 IoCs

pid	pid_target	Process	procid_target
4752	1924	WerFault.exe	105
5576	3100	WerFault.exe	146
7100	1636	WerFault.exe	192
5468	5192	WerFault.exe	195
7784	4024	WerFault.exe	191
8144	1636	WerFault.exe	192
9316	4024	WerFault.exe	191
9380	6688	WerFault.exe	283
11780	6688	WerFault.exe	283
10836	1612	WerFault.exe	189
12748	1612	WerFault.exe	189
12788	7020	WerFault.exe	285
13932	3656	WerFault.exe	188
13496	7020	WerFault.exe	285
15640	13744	WerFault.exe	701
16092	3656	WerFault.exe	188
6500	15476	WerFault.exe	809

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14620	dwm.exe
Token: SeChangeNotifyPrivilege	14620	dwm.exe
Token: 33	14620	dwm.exe
Token: SeIncBasePriorityPrivilege	14620	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
448	2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe
2440	Unicorn-15538.exe
2084	Unicorn-54002.exe
4820	Unicorn-61615.exe
4884	Unicorn-11428.exe
4952	Unicorn-1214.exe
4300	Unicorn-32595.exe
1176	Unicorn-52461.exe
1324	Unicorn-39799.exe
4776	Unicorn-65050.exe
3836	Unicorn-44438.exe
2080	Unicorn-62357.exe
2488	Unicorn-64038.exe
3316	Unicorn-58173.exe
4548	Unicorn-64303.exe
508	Unicorn-4749.exe
776	Unicorn-61371.exe
4184	Unicorn-473.exe
3484	Unicorn-494.exe
1616	Unicorn-39389.exe
764	Unicorn-40765.exe
4796	Unicorn-43565.exe
2340	Unicorn-1049.exe
2376	Unicorn-14692.exe
3172	Unicorn-2440.exe
1940	Unicorn-32902.exe
4116	Unicorn-8470.exe
3788	Unicorn-54142.exe
1924	Unicorn-29083.exe
1936	Unicorn-2340.exe
700	Unicorn-59472.exe
2860	Unicorn-1126.exe
1512	Unicorn-2980.exe
4316	Unicorn-44568.exe
1752	Unicorn-54895.exe
2908	Unicorn-61017.exe
4180	Unicorn-55279.exe
4436	Unicorn-603.exe
3668	Unicorn-1802.exe
4368	Unicorn-13285.exe
5048	Unicorn-51003.exe
3952	Unicorn-56768.exe
2992	Unicorn-57033.exe
4816	Unicorn-65201.exe
3560	Unicorn-12008.exe
1772	Unicorn-20831.exe
3096	Unicorn-2378.exe
5056	Unicorn-29021.exe
2936	Unicorn-43411.exe
4292	Unicorn-43411.exe
3828	Unicorn-39327.exe
4544	Unicorn-19461.exe
2856	Unicorn-52763.exe
112	Unicorn-61428.exe
3120	Unicorn-62440.exe
4080	Unicorn-55563.exe
2124	Unicorn-27629.exe
4588	Unicorn-27629.exe
656	Unicorn-37573.exe
2368	Unicorn-43795.exe
1008	Unicorn-39711.exe
5008	Unicorn-50380.exe
1944	Unicorn-47779.exe
4992	Unicorn-46296.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 448 wrote to memory of 2440	448	2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe	80
PID 448 wrote to memory of 2440	448	2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe	80
PID 448 wrote to memory of 2440	448	2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe	80
PID 2440 wrote to memory of 4820	2440	Unicorn-15538.exe	81
PID 2440 wrote to memory of 4820	2440	Unicorn-15538.exe	81
PID 2440 wrote to memory of 4820	2440	Unicorn-15538.exe	81
PID 448 wrote to memory of 2084	448	2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe	82
PID 448 wrote to memory of 2084	448	2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe	82
PID 448 wrote to memory of 2084	448	2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe	82
PID 2084 wrote to memory of 4884	2084	Unicorn-54002.exe	83
PID 2084 wrote to memory of 4884	2084	Unicorn-54002.exe	83
PID 2084 wrote to memory of 4884	2084	Unicorn-54002.exe	83
PID 448 wrote to memory of 4952	448	2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe	84
PID 448 wrote to memory of 4952	448	2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe	84
PID 448 wrote to memory of 4952	448	2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe	84
PID 4820 wrote to memory of 1176	4820	Unicorn-61615.exe	86
PID 2440 wrote to memory of 4300	2440	Unicorn-15538.exe	85
PID 2440 wrote to memory of 4300	2440	Unicorn-15538.exe	85
PID 2440 wrote to memory of 4300	2440	Unicorn-15538.exe	85
PID 4820 wrote to memory of 1176	4820	Unicorn-61615.exe	86
PID 4820 wrote to memory of 1176	4820	Unicorn-61615.exe	86
PID 4884 wrote to memory of 1324	4884	Unicorn-11428.exe	87
PID 4884 wrote to memory of 1324	4884	Unicorn-11428.exe	87
PID 4884 wrote to memory of 1324	4884	Unicorn-11428.exe	87
PID 2084 wrote to memory of 4776	2084	Unicorn-54002.exe	88
PID 2084 wrote to memory of 4776	2084	Unicorn-54002.exe	88
PID 2084 wrote to memory of 4776	2084	Unicorn-54002.exe	88
PID 4300 wrote to memory of 2080	4300	Unicorn-32595.exe	89
PID 4300 wrote to memory of 2080	4300	Unicorn-32595.exe	89
PID 4300 wrote to memory of 2080	4300	Unicorn-32595.exe	89
PID 2440 wrote to memory of 3316	2440	Unicorn-15538.exe	90
PID 2440 wrote to memory of 3316	2440	Unicorn-15538.exe	90
PID 2440 wrote to memory of 3316	2440	Unicorn-15538.exe	90
PID 1176 wrote to memory of 4548	1176	Unicorn-52461.exe	91
PID 1176 wrote to memory of 4548	1176	Unicorn-52461.exe	91
PID 1176 wrote to memory of 4548	1176	Unicorn-52461.exe	91
PID 448 wrote to memory of 2488	448	2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe	92
PID 448 wrote to memory of 2488	448	2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe	92
PID 448 wrote to memory of 2488	448	2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe	92
PID 4820 wrote to memory of 3836	4820	Unicorn-61615.exe	93
PID 4820 wrote to memory of 3836	4820	Unicorn-61615.exe	93
PID 4820 wrote to memory of 3836	4820	Unicorn-61615.exe	93
PID 4952 wrote to memory of 508	4952	Unicorn-1214.exe	94
PID 4952 wrote to memory of 508	4952	Unicorn-1214.exe	94
PID 4952 wrote to memory of 508	4952	Unicorn-1214.exe	94
PID 1324 wrote to memory of 776	1324	Unicorn-39799.exe	95
PID 1324 wrote to memory of 776	1324	Unicorn-39799.exe	95
PID 1324 wrote to memory of 776	1324	Unicorn-39799.exe	95
PID 4884 wrote to memory of 4184	4884	Unicorn-11428.exe	96
PID 4884 wrote to memory of 4184	4884	Unicorn-11428.exe	96
PID 4884 wrote to memory of 4184	4884	Unicorn-11428.exe	96
PID 4776 wrote to memory of 1616	4776	Unicorn-65050.exe	97
PID 4776 wrote to memory of 1616	4776	Unicorn-65050.exe	97
PID 4776 wrote to memory of 1616	4776	Unicorn-65050.exe	97
PID 2488 wrote to memory of 3484	2488	Unicorn-64038.exe	98
PID 2488 wrote to memory of 3484	2488	Unicorn-64038.exe	98
PID 2488 wrote to memory of 3484	2488	Unicorn-64038.exe	98
PID 448 wrote to memory of 764	448	2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe	99
PID 448 wrote to memory of 764	448	2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe	99
PID 448 wrote to memory of 764	448	2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe	99
PID 2084 wrote to memory of 4796	2084	Unicorn-54002.exe	100
PID 2084 wrote to memory of 4796	2084	Unicorn-54002.exe	100
PID 2084 wrote to memory of 4796	2084	Unicorn-54002.exe	100
PID 2440 wrote to memory of 1940	2440	Unicorn-15538.exe	101

C:\Users\Admin\AppData\Local\Temp\2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe
"C:\Users\Admin\AppData\Local\Temp\2b0f6b8914a505c6636656e64ceaa3c2bb8c81253f4d3f8d0275054eac0aca7d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52461.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29083.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 636
        7⤵
        Program crash
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36779.exe
        7⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
        8⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
        9⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
        10⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        9⤵
        
        PID:13872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14651.exe
        9⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39523.exe
        8⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46347.exe
        8⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28850.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
        8⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
        7⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39815.exe
        8⤵
        
        PID:13744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13744 -s 464
        9⤵
        Program crash
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25585.exe
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
        7⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
        7⤵
        
        PID:14604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43477.exe
        6⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9804.exe
        7⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        7⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64401.exe
        7⤵
        
        PID:14544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3535.exe
        6⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36141.exe
        7⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52228.exe
        7⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14095.exe
        6⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60102.exe
        6⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54142.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63587.exe
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        9⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9669.exe
        9⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19201.exe
        9⤵
        
        PID:14516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30587.exe
        8⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        8⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8389.exe
        8⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7541.exe
        7⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        8⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18029.exe
        8⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60317.exe
        8⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
        7⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52212.exe
        7⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13625.exe
        7⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17671.exe
        7⤵
        
        PID:14600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
        7⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        8⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
        8⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
        7⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
        7⤵
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58547.exe
        6⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        6⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
        6⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        6⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        7⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
        8⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
        8⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10872.exe
        8⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60417.exe
        8⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9207.exe
        7⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
        7⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        7⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33223.exe
        6⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52399.exe
        7⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
        7⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61601.exe
        7⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20202.exe
        6⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59420.exe
        6⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        6⤵
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30484.exe
        5⤵
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
        6⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        7⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
        7⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        7⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
        6⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        6⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25607.exe
        6⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29898.exe
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44698.exe
        6⤵
        
        PID:11368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
        6⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        6⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
        5⤵
        
        PID:9996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29329.exe
        5⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        5⤵
        
        PID:15240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16407.exe
        5⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5304.exe
        5⤵
        
        PID:10504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8470.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39327.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe
        7⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17703.exe
        8⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        9⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58512.exe
        9⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
        9⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
        9⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe
        8⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        8⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39300.exe
        8⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        8⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        8⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5387.exe
        8⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18902.exe
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
        7⤵
        
        PID:12832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46270.exe
        6⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39021.exe
        7⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2534.exe
        8⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57630.exe
        8⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
        8⤵
        
        PID:15512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
        7⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
        7⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
        7⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        6⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        6⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        6⤵
        
        PID:14916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        6⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62440.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30749.exe
        6⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
        8⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        9⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
        9⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57411.exe
        9⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61226.exe
        8⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
        8⤵
        
        PID:15500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57438.exe
        8⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
        7⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        7⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48922.exe
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7858.exe
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
        7⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
        7⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
        6⤵
        
        PID:13776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
        6⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41709.exe
        6⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61121.exe
        6⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
        6⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
        5⤵
        
        PID:8648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47933.exe
        5⤵
        
        PID:10060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38533.exe
        6⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50759.exe
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        8⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
        8⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
        8⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30587.exe
        7⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
        7⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        7⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7349.exe
        6⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26629.exe
        7⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        7⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
        6⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37525.exe
        5⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
        6⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
        7⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe
        7⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        6⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37795.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2783.exe
        6⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
        6⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7618.exe
        5⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16494.exe
        5⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51169.exe
        5⤵
        
        PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        5⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
        6⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61937.exe
        7⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        7⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        7⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47308.exe
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31764.exe
        6⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        6⤵
        
        PID:16152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2627.exe
        5⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63411.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        6⤵
        
        PID:14400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        6⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        5⤵
        
        PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3333.exe
        5⤵
        
        PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        5⤵
        
        PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50791.exe
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
        6⤵
        
        PID:10848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14267.exe
        6⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29014.exe
        6⤵
        
        PID:16496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
        5⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49026.exe
        5⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        5⤵
        
        PID:15764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39211.exe
      4⤵
      PID:7412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
      4⤵
      PID:11196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
      4⤵
      PID:14980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59001.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23778.exe
      4⤵
      PID:9848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
        7⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64355.exe
        8⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
        9⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
        9⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        9⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29386.exe
        9⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        8⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55502.exe
        8⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11632.exe
        8⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33353.exe
        7⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
        8⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54667.exe
        8⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65434.exe
        8⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3333.exe
        7⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59920.exe
        7⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3483.exe
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
        7⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
        7⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46104.exe
        6⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61253.exe
        6⤵
        
        PID:11064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65102.exe
        6⤵
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
        6⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        7⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37345.exe
        8⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57630.exe
        8⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17255.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        7⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
        7⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34496.exe
        7⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
        6⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
        6⤵
        
        PID:14640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        6⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12750.exe
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27215.exe
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        7⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49379.exe
        8⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        8⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2487.exe
        7⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        7⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61122.exe
        6⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16798.exe
        6⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        6⤵
        
        PID:13996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38564.exe
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2316.exe
        6⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        6⤵
        
        PID:16268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57989.exe
        5⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
        5⤵
        
        PID:12820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65201.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41993.exe
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        7⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        8⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14267.exe
        8⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
        8⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37297.exe
        7⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe
        7⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
        7⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61261.exe
        6⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60022.exe
        6⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
        6⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38459.exe
        6⤵
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41417.exe
        5⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        7⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
        7⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7261.exe
        6⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        7⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4537.exe
        7⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
        6⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19225.exe
        6⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41688.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
        6⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63095.exe
        5⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
        5⤵
        
        PID:13920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41993.exe
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        6⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
        7⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        7⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        7⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
        6⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
        6⤵
        
        PID:14428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37362.exe
        6⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe
        5⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41356.exe
        5⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
        5⤵
        
        PID:14804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        5⤵
        
        PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61018.exe
      4⤵
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
        5⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6514.exe
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
        6⤵
        
        PID:12984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        6⤵
        
        PID:14892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30587.exe
        5⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        6⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        6⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
        5⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        5⤵
        
        PID:392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22368.exe
      4⤵
      PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24605.exe
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61226.exe
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
        5⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        5⤵
        
        PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
      4⤵
      PID:8396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54793.exe
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22318.exe
      4⤵
      PID:5836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58173.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
        6⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
        7⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
        8⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
        8⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        8⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
        8⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
        7⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6108.exe
        7⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
        7⤵
        
        PID:14980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35745.exe
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
        7⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
        7⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        7⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
        7⤵
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        7⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
        6⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        6⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9321.exe
        5⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        6⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64610.exe
        7⤵
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
        6⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
        6⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18501.exe
        5⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14989.exe
        6⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25482.exe
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10172.exe
        5⤵
        
        PID:15372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28419.exe
        5⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        6⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36643.exe
        7⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62133.exe
        7⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
        7⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42359.exe
        7⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        6⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        6⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42468.exe
        6⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7541.exe
        5⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
        6⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51112.exe
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        6⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        5⤵
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe
        5⤵
        
        PID:13232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
        5⤵
        
        PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53591.exe
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
        5⤵
        
        PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        5⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
        5⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        5⤵
        
        PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17733.exe
      4⤵
      PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
        5⤵
        
        PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
      4⤵
      PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28485.exe
      4⤵
      PID:15484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
      4⤵
      PID:9876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
      4⤵
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17703.exe
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        6⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4812.exe
        7⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
        7⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45274.exe
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28931.exe
        6⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe
        5⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        6⤵
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        6⤵
        
        PID:13892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
        5⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        5⤵
        
        PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46452.exe
        5⤵
        
        PID:12520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21276.exe
      4⤵
      PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
        5⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
        5⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exe
        5⤵
        
        PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
      4⤵
      PID:9556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4652.exe
      4⤵
      PID:13048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe
      4⤵
      PID:10668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52763.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52763.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38677.exe
      4⤵
      PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        5⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36141.exe
        6⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60588.exe
        6⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
        5⤵
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
        5⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23958.exe
        5⤵
        
        PID:13588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
      4⤵
      PID:8220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-945.exe
      4⤵
      PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
      4⤵
      PID:6500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
    3⤵
    PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-572.exe
      4⤵
      PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        5⤵
        
        PID:8468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
        5⤵
        
        PID:10692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57520.exe
        5⤵
        
        PID:15020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe
        5⤵
        
        PID:8292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
      4⤵
      PID:9712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3368.exe
      4⤵
      PID:13472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33427.exe
      4⤵
      PID:8368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
    3⤵
    PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
      4⤵
      PID:5472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36988.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36988.exe
    3⤵
    PID:9248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
    3⤵
    PID:1612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
    3⤵
    PID:6040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51883.exe
    3⤵
    PID:13656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11428.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39799.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39711.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
        9⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11366.exe
        10⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 636
        10⤵
        Program crash
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 616
        10⤵
        Program crash
        
        PID:13496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        9⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
        9⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
        9⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        8⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
        8⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        8⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62798.exe
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
        8⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
        9⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
        9⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33470.exe
        9⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
        8⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        8⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12701.exe
        7⤵
        
        PID:15456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-598.exe
        7⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
        8⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53961.exe
        9⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61392.exe
        10⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56150.exe
        10⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35927.exe
        9⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
        9⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        8⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2984.exe
        8⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
        8⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16915.exe
        8⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42214.exe
        8⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59420.exe
        7⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32685.exe
        8⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-69.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-69.exe
        8⤵
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14432.exe
        8⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17078.exe
        7⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63286.exe
        7⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        7⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17218.exe
        6⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3416.exe
        7⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        7⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57359.exe
        7⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-69.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-69.exe
        7⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        6⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48233.exe
        6⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
        6⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        6⤵
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        6⤵
        Executes dropped EXE
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21459.exe
        8⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
        8⤵
        
        PID:15920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5559.exe
        8⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
        7⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        8⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe
        8⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
        7⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60185.exe
        7⤵
        
        PID:14872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58237.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
        7⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        7⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38819.exe
        7⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16118.exe
        6⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59420.exe
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16401.exe
        6⤵
        
        PID:14564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47779.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        6⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 636
        7⤵
        Program crash
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 636
        7⤵
        Program crash
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29051.exe
        6⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7111.exe
        7⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
        6⤵
        
        PID:11768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55248.exe
        6⤵
        
        PID:15256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        6⤵
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47780.exe
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
        6⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        6⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-900.exe
        5⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55626.exe
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe
        5⤵
        
        PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54895.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37141.exe
        6⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
        7⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        8⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
        8⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51573.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30587.exe
        7⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64474.exe
        7⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-102.exe
        7⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        6⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61392.exe
        7⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57411.exe
        7⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
        6⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13426.exe
        6⤵
        
        PID:11636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30274.exe
        6⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        5⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        6⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        7⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 636
        8⤵
        Program crash
        
        PID:9380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 656
        8⤵
        Program crash
        
        PID:11780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
        7⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 716
        7⤵
        Program crash
        
        PID:13932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 752
        7⤵
        Program crash
        
        PID:16092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36643.exe
        6⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
        6⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4225.exe
        6⤵
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41915.exe
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
        6⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        7⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        7⤵
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61828.exe
        6⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1360.exe
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14651.exe
        6⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
        5⤵
        
        PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        5⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23351.exe
        5⤵
        
        PID:7348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
        5⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        6⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 720
        7⤵
        Program crash
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 720
        7⤵
        Program crash
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        6⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        7⤵
        
        PID:12396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44636.exe
        7⤵
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        6⤵
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        6⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        6⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
        6⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        7⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        7⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        7⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
        6⤵
        
        PID:9720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        6⤵
        
        PID:12792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30677.exe
        6⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        5⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        5⤵
        
        PID:11160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
        5⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
        5⤵
        
        PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
      4⤵
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        6⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
        7⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43685.exe
        7⤵
        
        PID:14036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        7⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
        6⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
        6⤵
        
        PID:16348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        5⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe
        5⤵
        
        PID:14720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35990.exe
      4⤵
      PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32581.exe
        5⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        5⤵
        
        PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe
      4⤵
      PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
        5⤵
        
        PID:13812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
        5⤵
        
        PID:11148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
      4⤵
      PID:12592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe
      4⤵
      PID:4360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39389.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29021.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61667.exe
        6⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        7⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
        8⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        8⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        8⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12881.exe
        7⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46347.exe
        7⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12321.exe
        7⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39819.exe
        7⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
        7⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        7⤵
        
        PID:17352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
        6⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        6⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
        6⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        5⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        6⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
        6⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
        5⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30329.exe
        6⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        6⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34522.exe
        5⤵
        
        PID:15696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2352.exe
        5⤵
        
        PID:11252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        5⤵
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
        6⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41709.exe
        7⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1117.exe
        7⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
        7⤵
        
        PID:13496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9590.exe
        6⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
        6⤵
        
        PID:15256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        6⤵
        
        PID:15972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2627.exe
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
        6⤵
        
        PID:14664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28931.exe
        6⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3333.exe
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        5⤵
        
        PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
      4⤵
      PID:5192
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 632
        5⤵
        Program crash
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
      4⤵
      PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe
      4⤵
      PID:11208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
      4⤵
      PID:14836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
      4⤵
      PID:1924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51003.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        5⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39021.exe
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34413.exe
        8⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28107.exe
        8⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
        7⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
        7⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40727.exe
        6⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58671.exe
        7⤵
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        6⤵
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        6⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41517.exe
        6⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        7⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
        7⤵
        
        PID:14624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17255.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        7⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63940.exe
        6⤵
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4541.exe
        6⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25607.exe
        6⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21264.exe
        5⤵
        
        PID:13888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        5⤵
        
        PID:10536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
      4⤵
      PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        5⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
        5⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62015.exe
        5⤵
        
        PID:14908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
        5⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52814.exe
        5⤵
        
        PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32096.exe
      4⤵
      PID:7228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63914.exe
      4⤵
      PID:11040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
      4⤵
      PID:14688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
      4⤵
      PID:15772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
      4⤵
      PID:11016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56768.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
      4⤵
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
        6⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe
        6⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
        6⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        5⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        6⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
        6⤵
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53686.exe
        5⤵
        
        PID:15456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        5⤵
        
        PID:15164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1012.exe
      4⤵
      PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39591.exe
        5⤵
        
        PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe
      4⤵
      PID:10012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15150.exe
      4⤵
      PID:13984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61594.exe
      4⤵
      PID:432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25710.exe
    3⤵
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3504.exe
      4⤵
      PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1278.exe
        5⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23147.exe
        6⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe
        6⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        5⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
        5⤵
        
        PID:14964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5868.exe
        5⤵
        
        PID:13720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37334.exe
      4⤵
      PID:9348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
      4⤵
      PID:14044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19985.exe
      4⤵
      PID:16272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42528.exe
      4⤵
      PID:16668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1941.exe
    3⤵
    PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
      4⤵
      PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
      4⤵
      PID:10688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
      4⤵
      PID:14360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
    3⤵
    PID:9536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22546.exe
    3⤵
    PID:13344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28275.exe
    3⤵
    PID:2952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4749.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        6⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        7⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
        7⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24522.exe
        7⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39692.exe
        7⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        6⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
        6⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11632.exe
        6⤵
        
        PID:13944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        6⤵
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62015.exe
        6⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11868.exe
        5⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62544.exe
        5⤵
        
        PID:12136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8072.exe
        5⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
        5⤵
        
        PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46296.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
        5⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
        6⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        6⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        6⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        5⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
        5⤵
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39296.exe
        5⤵
        
        PID:14928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29882.exe
      4⤵
      PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe
        5⤵
        
        PID:13596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
        5⤵
        
        PID:6348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
      4⤵
      PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
      4⤵
      PID:13904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52925.exe
      4⤵
      PID:11296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1126.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        5⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34937.exe
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        7⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23940.exe
        7⤵
        
        PID:14624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 740
        6⤵
        Program crash
        
        PID:10836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 740
        6⤵
        Program crash
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        5⤵
        
        PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        5⤵
        
        PID:15388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        5⤵
        
        PID:14784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
      4⤵
      PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        5⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48174.exe
        5⤵
        
        PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
      4⤵
      PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
      4⤵
      PID:10564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
      4⤵
      PID:14888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
      4⤵
      PID:6912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10665.exe
    3⤵
    PID:3100
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 632
      4⤵
      Program crash
      PID:5576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
    3⤵
    PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
      4⤵
      PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
        5⤵
        
        PID:11864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        5⤵
        
        PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
      4⤵
      PID:10580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
      4⤵
      PID:14580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
      4⤵
      PID:15448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe
    3⤵
    PID:7744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
    3⤵
    PID:12108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
    3⤵
    PID:15392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
    3⤵
    PID:2764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64038.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64038.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55279.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        5⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        8⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        8⤵
        
        PID:15560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        7⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
        7⤵
        
        PID:14516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51984.exe
        7⤵
        
        PID:15452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39296.exe
        6⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
        6⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
        6⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        6⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
        6⤵
        
        PID:15728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42971.exe
        5⤵
        
        PID:12488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
        5⤵
        
        PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32481.exe
      4⤵
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52321.exe
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
        6⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
        6⤵
        
        PID:14916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
        5⤵
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29535.exe
        5⤵
        
        PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        5⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9669.exe
        5⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49928.exe
        5⤵
        
        PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
      4⤵
      PID:8700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50755.exe
      4⤵
      PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
      4⤵
      PID:15240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-603.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
      4⤵
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
        5⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39021.exe
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9804.exe
        7⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45056.exe
        7⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
        7⤵
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        6⤵
        
        PID:14320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
        6⤵
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        5⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        6⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        5⤵
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24138.exe
        5⤵
        
        PID:14892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2286.exe
        5⤵
        
        PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3483.exe
      4⤵
      PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2430.exe
        5⤵
        
        PID:8576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45658.exe
        5⤵
        
        PID:12936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42144.exe
        5⤵
        
        PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
      4⤵
      PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15289.exe
      4⤵
      PID:12272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45021.exe
      4⤵
      PID:15492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
      4⤵
      PID:1724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
    3⤵
    PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
      4⤵
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51823.exe
        5⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
        5⤵
        
        PID:11280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        5⤵
        
        PID:15904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32149.exe
      4⤵
      PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
        5⤵
        
        PID:14672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
      4⤵
      PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22545.exe
      4⤵
      PID:14816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11641.exe
      4⤵
      PID:13092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27142.exe
    3⤵
    PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
      4⤵
      PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
      4⤵
      PID:13516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
      4⤵
      PID:16108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23816.exe
    3⤵
    PID:9524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
    3⤵
    PID:12580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51057.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51057.exe
    3⤵
    PID:3424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30175.exe
    3⤵
    PID:8584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1802.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
      4⤵
      PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
        6⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31677.exe
        6⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        6⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        6⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41111.exe
        5⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        5⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        5⤵
        
        PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe
      4⤵
      PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
        5⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        5⤵
        
        PID:14564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        5⤵
        
        PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
      4⤵
      PID:7292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56884.exe
      4⤵
      PID:14832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
      4⤵
      PID:12496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
    3⤵
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
        5⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        5⤵
        
        PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17567.exe
      4⤵
      PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
      4⤵
      PID:14148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
      4⤵
      PID:5640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
    3⤵
    PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33323.exe
      4⤵
      PID:10048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
      4⤵
      PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
      4⤵
      PID:3604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56228.exe
    3⤵
    PID:10328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13480.exe
    3⤵
    PID:14372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
    3⤵
    PID:4684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13285.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13285.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
    3⤵
    PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
        5⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
        5⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51573.exe
        5⤵
        
        PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
      4⤵
      PID:7976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe
      4⤵
      PID:12196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
      4⤵
      PID:15448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
      4⤵
      PID:16000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41199.exe
    3⤵
    PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41709.exe
      4⤵
      PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61121.exe
      4⤵
      PID:13836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8237.exe
      4⤵
      PID:14660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
      4⤵
      PID:11704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
      4⤵
      PID:12708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
    3⤵
    PID:8984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
    3⤵
    PID:12992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
    3⤵
    PID:14368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
    3⤵
    PID:12356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
  2⤵
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14386.exe
    3⤵
    PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32581.exe
      4⤵
      PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56758.exe
      4⤵
      PID:11520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
      4⤵
      PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
      4⤵
      PID:2644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54324.exe
    3⤵
    PID:8380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
      4⤵
      PID:15508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
    3⤵
    PID:13040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
    3⤵
    PID:15476
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 15476 -s 468
      4⤵
      Program crash
      PID:6500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe
    3⤵
    PID:11124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
  2⤵
  PID:6952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46177.exe
    3⤵
    PID:7828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
    3⤵
    PID:13968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
    3⤵
    PID:5100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
  2⤵
  PID:9860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46491.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46491.exe
  2⤵
  PID:13768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20251.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20251.exe
  2⤵
  PID:15668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1924 -ip 1924
1⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3100 -ip 3100
1⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5192 -ip 5192
1⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1636 -ip 1636
1⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4024 -ip 4024
1⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1636 -ip 1636
1⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4024 -ip 4024
1⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6688 -ip 6688
1⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1612 -ip 1612
1⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 6688 -ip 6688
1⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1612 -ip 1612
1⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7020 -ip 7020
1⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3656 -ip 3656
1⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 7020 -ip 7020
1⤵
PID:1612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3656 -ip 3656
1⤵
PID:15996

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe

Filesize
468KB

MD5
1a09743475cd7155b00f8e7a5176e351

SHA1
bb849f887af66b46d6bb8cf77c5cf1feab75728c

SHA256
0528b19284e0197a60d54efa5ea7e999460e24bb15c6c3aed972bad24dc1c87d

SHA512
8bca1898265d3a267b7a41dde781a423e49cad7aa99984314d7bc773ac1e540c7b88450029926300e1afbd624c4e28fe9b69e3c29ea4a58c33402a17eabbaa8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1126.exe

Filesize
468KB

MD5
83ad861bf645e330fab54f07a89c89ea

SHA1
38323fbc23d12cad3f42978ecb22e3535f47c700

SHA256
258b7e906949abbbbc221c8bbf6247fde825808367cf47e6fbb6397f8cce527c

SHA512
bfd74c78221a4c6301628f5a6977ada8e0d6318e234e2d504a0f7a5d2a2e441731f7d860edb14bee38233a488fc4e65e0ea6037649806ffdfcedfe1e3dce16dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11428.exe

Filesize
468KB

MD5
111c58c179b0148ecbe26f256635daf0

SHA1
4adcc412cda25981baeee9686854e42db3b6f335

SHA256
48e27593b508feab30842ea27634080f2c732fb951ce698ffc7d69dc19a7eda8

SHA512
99e59865ce5ae8cc4fd9a61700a0aea5db9d789aa30b1a9e3583e0ef4ea4d99c8c232790eea891910591ef22804e235b5c4e9946f0403698e3c2ef2d9e56fba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe

Filesize
468KB

MD5
3d32a5874cb61f71835d62c04be73434

SHA1
4d37ebf5599053df9270b32d96e70c89549d5545

SHA256
8e68fe2215b9a67b624087499fdd76af84ed8cb58140682fe5144a456525937a

SHA512
432d1f4238744d3026051365b26d95b308b6b2c14d420e7deb4a35c0a2853a7c3a80c4b708cd1bb9250ca9214f1de3e69a4f970e320f96b8716decaf486f68ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe

Filesize
468KB

MD5
cf671653a67d3302e580766d69b5f102

SHA1
aa2e16e9a64d9f9c0a36f3b478f5f9ea1b627f74

SHA256
60249350d1c13c5ec644f2c37f51e8228ca7ef924f2e459302c0bf3e44354ec4

SHA512
23334cbdb3455eed649d8808e295397fff6e966107955ba358dd5b4a239feb554445dddd80ca0a9d7763596c0fe88184c8dca033a105c2d2cb768def1d0024d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe

Filesize
468KB

MD5
fb7b38fc3ed0ce87acc2f6a7e4ac7945

SHA1
41076b06634d9843a65ac5d8518dc8c8051d0049

SHA256
d2c14d67ab9810f388f646e2c4269671e83a96c62441cd15c387ca41cd9c8e2d

SHA512
7a39418a278b795a83bcdb328d5cc4c2da5186279b41e72890bce22f850dec13d44f385b45d904b7c87ed4046040839d0f9a55415db510142e7b1a32282f02ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe

Filesize
468KB

MD5
f86df1958f8a5924e37c0657e12f6919

SHA1
7710c6842d5ec82d9d1d13a7acc779c81d92689f

SHA256
22b57a4e2b1f961508ab468b762a7d47f5d21de78b7fac771d7610075abb9cba

SHA512
0e3d6c48ad4184922607cbc1b140dbaf4b73ec385741f08bc582bada264cf30ed4d6e6bc64a7c2ce98c4b786ca9c7d0d69b096d109b9ac2a96c21c1ae7b9af1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe

Filesize
468KB

MD5
bd89463d42705e42df11d9d700d8bc91

SHA1
ceaba953fd0e0af3f6a5dcdeedb2664617d7b922

SHA256
e6a6cc1921be35a41e421ff13c502eb10706c553c721a3908836806ff7fe56cb

SHA512
85d710dde087da9c70ccff1bd9477691dd950632d0d15c8d7f130dc6e3f031c5ee29ea116f87bf7eda00008bca8d3d817a119794a6e7375018790ac125a8d1c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe

Filesize
468KB

MD5
a01bb67a98b6ffc3e8c5ff5bae2c5282

SHA1
c2614534503b30619759a1c69cab5415d036d34f

SHA256
8c246ec26cddc178e35a333eb6b1b2293481113a59efde73e4f3d9ce7a36d1f0

SHA512
ae8f77b7f4f16efb91c5dd4fc5412241c410978d36642ad469899be884164d1475c822f0090e3ab4789dd50af24eef8e38c95d50b6e374ac7b4b7b534fe476fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29083.exe

Filesize
468KB

MD5
ab82dad0bcfdc9b735643b16bd19b374

SHA1
0c4e3baa85041798dd9b96815f387c642f319fd5

SHA256
dba6a596bc5cd9f709f275f801aa08fbcfd859d40a276e5fdab29e19bc392232

SHA512
b9c74a7c3cc5f8253d596e54632a6ac94582bb4187e74bceb3a749de208da8c6be61af83be926836d265ef61e7f6e8d26d2fcf2f1911266cbc40b789b8d0a791

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe

Filesize
468KB

MD5
ace2bca850d158d4a974424664cd0329

SHA1
05fc6091081aad30226778288c95f6d5ec1704ea

SHA256
eb337dcedfc935241a44afe43f8da893f1029fd1d1ea804b83ac310d1b133b35

SHA512
a217229367199df15079320f8655e60e710fb090444c305289a690bb6f3e618d934724fa0df80db04fd50cc0b725c721560c749d8357c57ab2b306c0620236f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe

Filesize
468KB

MD5
ee843c4792f9eae1ed00604a2ef4b67b

SHA1
16822cc83d42c73f8b55ecbd60b516db74ec41b3

SHA256
b31da2e7123d808d97c43c14c991ab2566b90287ec99c743e8650cec11d71d92

SHA512
4e9bce6c107d4ec97700f50d0b60350a5433a26481feade6644007f6e5351802d4f70614d138f9b1b486eda6a0d5888396227dace162ae98fd816f2b5a2fff04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe

Filesize
468KB

MD5
43436fe020d67de1db07538b71c8492b

SHA1
45e29325bf6004318fd04b68c5fe938b85c18615

SHA256
f3e0bdbea29593bec519af49cc4cad533c80223c5f6b8421c2d5643ca8777beb

SHA512
dbf779349aff05f4bf71e0e72cf3a84fa284c7e0697f9c9c50dfc507390665400c79dd21bded89ea2602970ee27dd0bca0a4c6986018da85577499e1194ef098

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe

Filesize
468KB

MD5
6ca60ea9f80b83cf6ab61163314bbc5f

SHA1
b816f7e7aac3e703d0a8a45e890e5c02a47e575f

SHA256
1b519519a03b28c572a3dc7599b7451741ca87b58c74bc4acc7d9b06730c1608

SHA512
1d921d87bc388c900bd2c9a00fc257d881a40af90624a0eae7dca130702ee9231d9b12483e565a1b70970e5705a32408c123c4d79e84828459cf8a0659f1dd30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39389.exe

Filesize
468KB

MD5
872e59728c25aaf41b39460df2598461

SHA1
4190b485c33bc35eceae9a7e725192ed15e3ca95

SHA256
c0af410895da325926e0dbc1388b5b870951b916e7bdfba9b5883ccc56798dc0

SHA512
80f56736727bf7af1ce889cd9d7b11e4c2de8c81676405ba762e0fc7b21a11251575afbac51d0bfd898a27a98ba84d4c56c17be7326b0ea9b1fc18f209cf3b1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39799.exe

Filesize
468KB

MD5
6593313a9eeede01687374f6cf8df383

SHA1
cedb6f96e3410de2c917c4296adba4f63c7671d8

SHA256
70e9cbf7453f43b7da59ffcbf9bc2ceb3f6be02e11985c936a49b160a89f2937

SHA512
29772547100a32286f31915f95473ca2cd363de1db7abaabccfdcf24fd52939c18ec13f6454ef74c464a67a824311436343b80f8c831b9e9736549143cff0fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe

Filesize
468KB

MD5
5ef57f53cbadd1d6ae00feee1bca9008

SHA1
bff4d6d6b14d09214d8314083259684e42185ba0

SHA256
0682773fd67f7b83514d4d39ec2f7ea693b8bd301004c30202706b51eae5fd38

SHA512
aa85f2e8cc8418b59c6e4dd083fa2f37e8d83ad1e69238429ae4285bb82462eb4852ee7210ca968685706588297bae0a859fa3bafd34918d47496b96deac0ed3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe

Filesize
468KB

MD5
d07c3b62671d460e3f7a829325809479

SHA1
b51f68fe6903f8a107b8ef509bbffcd6ca36bb79

SHA256
83d31c636f59a207397d79ba41ae3df1d236e02570ff458719023d1854f54407

SHA512
9d3fd7dba99e5b9c3ddbe03f92afef7b0266352732e1406ef3829e96c0539ddab83173e6b0872a9c5a131760d06dd45033d607ab04cf754b50e50aad2e774972

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe

Filesize
468KB

MD5
f95bd542ee1d85024943355ce63925ae

SHA1
347a46df0694412d837ea980bbc1e1ae8541de89

SHA256
94dd805d358d7e645534fa59688ffbc376f8a5e5d330ba4196ded36a31c4178c

SHA512
6aa329f2812b27c670438bb76b4255a66625933ee9a191228bba16f51d32ba58693bad62345f2c23104d1cf1011a4b4c61c7601067372adf4e4e92455b4613fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe

Filesize
468KB

MD5
6f08a3add9f0def98f2fed79acd62db3

SHA1
e4fc8017eb1ed845d173676eae6b8ce5066b3f4b

SHA256
13956d3f5ad5dfdd58cd710e3e0b32dd1538ca6d75862cb426bb82ab020ecfba

SHA512
de0c081c6978381fd6153a4bc7fe3d10745f2df754f9e5a6ebe49583c52b067ff10cce91ba16da29f354f90b862ea093fb75567812a1573084b1e4d762d07798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4749.exe

Filesize
468KB

MD5
82cd8c2f631e3820ef72c5760111fecd

SHA1
a7707a11b1c37a485458b8ee838c45662c23c3af

SHA256
f3b8bebd0a20698e41b1bf7436fb84a0999c4483d317cfdeb0d0b2b2bbff3ed0

SHA512
753e4430410e9a30ddd8ed584750cad0537bbe056b0cfb6d7a027d9409ba46be2e5d6fdd7b91e453d4bd9bc7abf84276c53b347936b191967f5bbe8957e3f816

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe

Filesize
468KB

MD5
1fd1595613d0863352b454086ecd1cc2

SHA1
8bcc024b9fce10d957fcaca1f552fb2d7b9cfec7

SHA256
fbdc7fa132da505d59f639f639d626261f4d7f9a2a60719f234882bdb214e555

SHA512
625d28a12664a53c913da6de09c55fb274a48ddfc11306e86bf094548e1eca64d0b01aeca47e6729c9cbe8955ea230ee3bde31fb0c3d81c273ae190dab11ac95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52461.exe

Filesize
468KB

MD5
81ff060ebbd103d4d6ac815416ce455c

SHA1
b52b0d4fcd88b51126d00bd43ce312adc233fd94

SHA256
8a990c2e93b451ed27bbd616d106e1a5eff89bba09228adb7d06f1b0b5fec3b9

SHA512
2fe8b3333296724c85e1ab04e1865a5da34eef56f4723dc591ce868d38ff6d1fe8463657d3059546d315d911a8777abb0079099f507e7dcb09eabf5ce0474465

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe

Filesize
468KB

MD5
2c6c80fed234aa79827a11d862cffd4d

SHA1
e31b5aae6a3bbbed516e46d6125799d01794a5e9

SHA256
5b28f12d52ed051f324e6f933e78733d0c88248ff41bf53ff7181697b039fae5

SHA512
94dd3cd49c6a1f69bd4f829109c5aaa2b8d47da0d00f9fdfab3fcb44c7b7bf9ea4ab087d4a3223a55276287f9221c47270352de5fdeb04c58f1c00dfae610811

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54142.exe

Filesize
468KB

MD5
c112066fbadcb80e0a264fe1ef879455

SHA1
eaa2901e21647df9585964b23869ba107dd3b146

SHA256
5b43268fe3b9382e192a136b14a4a8b1a90cee1f61692968976aea5da1eb611a

SHA512
e8766a4ec78f053c80591b7aaa64388746605ee77f9132666183af8962c63460c3d99ff8ab3931c342f45472660c419ca390335ef8408dfbb261138c0cef3635

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58173.exe

Filesize
468KB

MD5
7e44dd05d3502eb66eb9a982723f0daa

SHA1
6e140f81c9148f8fe9c63135e4f4677535705471

SHA256
daad484ec822d5a4f409d4f7590dd47c294287b168138f8f90c0411d54d0b133

SHA512
7e69500ad1202e2f07b2b837ef73f0a8133ffc5ed4e0de06b477dea2ce6029930b63060511582d1856788d4f7c87ec61dc16b905a0e468e3b822025e3dec403b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe

Filesize
468KB

MD5
56d909bcaf0fc4f5f8b083d3d28a64f4

SHA1
0bfce4373e2397475af58b1a5a0c980e51db13f8

SHA256
89798bc6557b2a0c089b032185e8ea913c925d474732d3184872afcc00b357dd

SHA512
2bc965511c3a39b11c5f8ad973c30443609fec2accd6d124f491b767c89de46fd2db16bf83bc4af74dbc1c1dfec71c246375af32d823089235481b72c62ef38e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe

Filesize
468KB

MD5
68fdffc470fc7c5e6f737af9e066aace

SHA1
72d73929a728219390ba7c80c45c0ca1e474bbc0

SHA256
f934e77d974b8ef5fe3f10a5ee57961f0d5a3b1ed696a925d69c6241e0664f88

SHA512
d9efad7cd59f812c62afec95eda78b16e8fc9fbbb7a91283041b357e2fdddbfddb91c1c58c1a9526449c9e02c3ab428217b8f63eefd79b45c049baaea48f2c0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe

Filesize
468KB

MD5
02fea41f34602152a1d62e3c13a4c199

SHA1
e995579299fd95792e14c480a131f6cd1503d054

SHA256
feb0c5d51fbb3bc3e88f88d42ca55129a0bd38cf5e50b06b7c886946628c1820

SHA512
4ac0c4b64e4d20e0ac62a5ed2cd6ef9048cfcb65b4cfd38b66175d2fc0f0a152d011e062b215e79579b169251b9713249dd15745d3d11f38deab98fe1444d3db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe

Filesize
468KB

MD5
b69faec214ea28b4cde4ffdd0b4fde2d

SHA1
b13c725b0a6003562e82505bc3e1c56b1b5e83d0

SHA256
9c544ad200f31794e3cba5ddd8fc87f2bfa46f0b857300ad13f13ae3dcd7c959

SHA512
ae9e0d65df90cf408a18c92a24a2b9e80b33846494feb955fcb4be3e59abb4b71ce57010ebe9f4e78b4e28ad0cc3aec627f6f9fc0ac2b53d5ed432f303eda964

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64038.exe

Filesize
468KB

MD5
76c7a2664ef5bceb03fb80938e2c6c07

SHA1
8930ad16486bdb9070b7b24b2007e88a8a1403a2

SHA256
2042a2c7fe3d25daa1c617be891c8b4c42b56385afe633214a924098ef9edb47

SHA512
781e0f715fe7f93c4d99444b5922430050bd7bc5564bc0ee44ee55714f0fcfaed42fcecd1da007620f5a5a983dc659fa979f197db6d5255f05a7eb55239be51e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe

Filesize
468KB

MD5
6d92f63b5c7c76c04b96feaf9b3a7173

SHA1
37f8bcc596825651d26789cb3a1c1321d67a46ec

SHA256
b99bdd3d3a39ee24c3de305a90354fe33c31b7e10bfb030ff81e0f36fd8b2529

SHA512
b28ad45a519e1d0db24fdd1e89daf75eca6e5c3b2c7e573d39957e26047716899eccf5540b4007af869743deff1ad89416cf4a81771ad89e78309c7f9689a086

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe

Filesize
468KB

MD5
022d57003f1031ba3e46d03d3c8a274f

SHA1
2ea46d3c82ea6518809a523622dd64860d0eadca

SHA256
7a3c351758ee10fa12f930f748098c17154acf5b91b091fc01a7f79555fa533d

SHA512
f4caabe7605076dff9e3221635059308850ccc3d0097ec1f9bd8ae7c37baf8d3fcf620dc9e20e644a211aafae38ff5e2182441130ba5f9a19fdb6af86cca30e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8470.exe

Filesize
468KB

MD5
061a9aa974152be54b5fd15b884d0366

SHA1
ab429d7e585527cffae4cdba795e45f943a85df2

SHA256
6507fa9e288011ef989009fd45acb045aff951ff3606aecb6c841875a9eb7755

SHA512
26b69361584b23c7957d114de40f21b9da4d7ddb1af3007ac3e72ff18c632b06ea9532dd40f2360bde5725e6d477d26147274981cdfab1b2d6439436ba2d8582

Download Submit
memory/112-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/448-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/508-105-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/656-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/700-210-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/764-151-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/776-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1008-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1072-544-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1176-49-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1512-226-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1616-130-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1684-502-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1748-476-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1752-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1768-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1772-294-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1884-469-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1924-195-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1924-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1936-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1940-164-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1944-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2032-430-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2080-78-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2084-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2124-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2252-428-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2316-569-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2340-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2368-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2376-167-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2440-7-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2488-89-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2512-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2520-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2664-470-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2816-500-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2860-217-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2908-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2924-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2936-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2992-277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3024-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3076-510-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3100-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3120-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3172-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3204-563-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3296-499-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3316-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3464-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3484-131-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3560-288-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3568-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3572-509-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3580-511-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3640-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3668-254-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3712-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3788-191-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3828-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3836-90-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3952-273-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3968-467-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4048-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4076-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4080-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4116-192-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4152-3076-0x0000000002BB0000-0x0000000002BC0000-memory.dmp

Filesize
64KB

Download
memory/4152-3073-0x0000000002A70000-0x0000000002A80000-memory.dmp

Filesize
64KB

Download
memory/4152-3097-0x0000000002D00000-0x0000000002D10000-memory.dmp

Filesize
64KB

Download
memory/4152-3094-0x0000000002CD0000-0x0000000002CE0000-memory.dmp

Filesize
64KB

Download
memory/4152-3095-0x0000000002CE0000-0x0000000002CF0000-memory.dmp

Filesize
64KB

Download
memory/4152-3096-0x0000000002CF0000-0x0000000002D00000-memory.dmp

Filesize
64KB

Download
memory/4152-3091-0x0000000002CA0000-0x0000000002CB0000-memory.dmp

Filesize
64KB

Download
memory/4152-3092-0x0000000002CB0000-0x0000000002CC0000-memory.dmp

Filesize
64KB

Download
memory/4152-3093-0x0000000002CC0000-0x0000000002CD0000-memory.dmp

Filesize
64KB

Download
memory/4152-3086-0x0000000002C50000-0x0000000002C60000-memory.dmp

Filesize
64KB

Download
memory/4152-3087-0x0000000002C60000-0x0000000002C70000-memory.dmp

Filesize
64KB

Download
memory/4152-3088-0x0000000002C70000-0x0000000002C80000-memory.dmp

Filesize
64KB

Download
memory/4152-3089-0x0000000002C80000-0x0000000002C90000-memory.dmp

Filesize
64KB

Download
memory/4152-3090-0x0000000002C90000-0x0000000002CA0000-memory.dmp

Filesize
64KB

Download
memory/4152-3077-0x0000000002BC0000-0x0000000002BD0000-memory.dmp

Filesize
64KB

Download
memory/4152-3082-0x0000000002C10000-0x0000000002C20000-memory.dmp

Filesize
64KB

Download
memory/4152-3078-0x0000000002BD0000-0x0000000002BE0000-memory.dmp

Filesize
64KB

Download
memory/4152-3079-0x0000000002BE0000-0x0000000002BF0000-memory.dmp

Filesize
64KB

Download
memory/4152-3080-0x0000000002BF0000-0x0000000002C00000-memory.dmp

Filesize
64KB

Download
memory/4152-3081-0x0000000002C00000-0x0000000002C10000-memory.dmp

Filesize
64KB

Download
memory/4152-3083-0x0000000002C20000-0x0000000002C30000-memory.dmp

Filesize
64KB

Download
memory/4152-3084-0x0000000002C30000-0x0000000002C40000-memory.dmp

Filesize
64KB

Download
memory/4152-3085-0x0000000002C40000-0x0000000002C50000-memory.dmp

Filesize
64KB

Download
memory/4152-3072-0x0000000002A60000-0x0000000002A70000-memory.dmp

Filesize
64KB

Download
memory/4152-3074-0x0000000002A80000-0x0000000002A90000-memory.dmp

Filesize
64KB

Download
memory/4152-3075-0x0000000002BA0000-0x0000000002BB0000-memory.dmp

Filesize
64KB

Download
memory/4152-3000-0x0000000002000000-0x0000000002010000-memory.dmp

Filesize
64KB

Download
memory/4152-3004-0x0000000002040000-0x0000000002050000-memory.dmp

Filesize
64KB

Download
memory/4152-3003-0x0000000002030000-0x0000000002040000-memory.dmp

Filesize
64KB

Download
memory/4152-3040-0x0000000002190000-0x00000000021A0000-memory.dmp

Filesize
64KB

Download
memory/4152-3039-0x0000000002180000-0x0000000002190000-memory.dmp

Filesize
64KB

Download
memory/4152-3020-0x0000000002100000-0x0000000002110000-memory.dmp

Filesize
64KB

Download
memory/4152-3019-0x00000000020F0000-0x0000000002100000-memory.dmp

Filesize
64KB

Download
memory/4152-3018-0x00000000020E0000-0x00000000020F0000-memory.dmp

Filesize
64KB

Download
memory/4152-3017-0x00000000020D0000-0x00000000020E0000-memory.dmp

Filesize
64KB

Download
memory/4152-3011-0x00000000020C0000-0x00000000020D0000-memory.dmp

Filesize
64KB

Download
memory/4152-3010-0x00000000020B0000-0x00000000020C0000-memory.dmp

Filesize
64KB

Download
memory/4152-3009-0x0000000002090000-0x00000000020A0000-memory.dmp

Filesize
64KB

Download
memory/4152-3008-0x0000000002080000-0x0000000002090000-memory.dmp

Filesize
64KB

Download
memory/4152-3007-0x0000000002070000-0x0000000002080000-memory.dmp

Filesize
64KB

Download
memory/4152-3006-0x0000000002060000-0x0000000002070000-memory.dmp

Filesize
64KB

Download
memory/4152-3005-0x0000000002050000-0x0000000002060000-memory.dmp

Filesize
64KB

Download
memory/4152-3002-0x0000000002020000-0x0000000002030000-memory.dmp

Filesize
64KB

Download
memory/4152-3001-0x0000000002010000-0x0000000002020000-memory.dmp

Filesize
64KB

Download
memory/4152-3033-0x0000000002110000-0x0000000002120000-memory.dmp

Filesize
64KB

Download
memory/4152-3069-0x0000000002A30000-0x0000000002A40000-memory.dmp

Filesize
64KB

Download
memory/4152-2994-0x00000000004D0000-0x00000000004E0000-memory.dmp

Filesize
64KB

Download
memory/4152-2997-0x0000000000560000-0x0000000000570000-memory.dmp

Filesize
64KB

Download
memory/4152-2996-0x0000000000550000-0x0000000000560000-memory.dmp

Filesize
64KB

Download
memory/4152-2995-0x00000000004F0000-0x0000000000500000-memory.dmp

Filesize
64KB

Download
memory/4152-2998-0x0000000000570000-0x0000000000580000-memory.dmp

Filesize
64KB

Download
memory/4152-3038-0x0000000002170000-0x0000000002180000-memory.dmp

Filesize
64KB

Download
memory/4152-3071-0x0000000002A50000-0x0000000002A60000-memory.dmp

Filesize
64KB

Download
memory/4152-3070-0x0000000002A40000-0x0000000002A50000-memory.dmp

Filesize
64KB

Download
memory/4152-2999-0x0000000000580000-0x0000000000590000-memory.dmp

Filesize
64KB

Download
memory/4152-3064-0x0000000002A20000-0x0000000002A30000-memory.dmp

Filesize
64KB

Download
memory/4152-3063-0x0000000002A10000-0x0000000002A20000-memory.dmp

Filesize
64KB

Download
memory/4152-3062-0x00000000021B0000-0x00000000021C0000-memory.dmp

Filesize
64KB

Download
memory/4152-3061-0x00000000021A0000-0x00000000021B0000-memory.dmp

Filesize
64KB

Download
memory/4152-3037-0x0000000002160000-0x0000000002170000-memory.dmp

Filesize
64KB

Download
memory/4152-3036-0x0000000002140000-0x0000000002150000-memory.dmp

Filesize
64KB

Download
memory/4152-3035-0x0000000002130000-0x0000000002140000-memory.dmp

Filesize
64KB

Download
memory/4152-3034-0x0000000002120000-0x0000000002130000-memory.dmp

Filesize
64KB

Download
memory/4180-244-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4184-120-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4292-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4300-48-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4316-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4328-461-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4368-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4404-466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4436-250-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4532-496-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4544-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4548-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4640-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4776-65-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4796-157-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4816-281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4820-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4884-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4948-564-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4952-34-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4992-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5004-443-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5008-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5048-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5056-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5088-572-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15208-2598-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads