6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f

Analysis

max time kernel
150s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
19-06-2024 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f.exe
Size

468KB
MD5

252cc947cfa20e4a4a2f6eb5bff83bd8
SHA1

43df38f0eba4b4e233d4738f2bc0bfb357e959cf
SHA256

6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f
SHA512

582a9560be740aa84f3b58ebfbce2620180730c362f47e95834673fa24c67c5571627760fe94fb27c9607eca8f9be5b1206b31c18d6ab40748d5ed840cc5db67
SSDEEP

3072:ibAoogIdId5UtbYiPztjcf8/GCtvPlpSPmHELVhURem8CcGuG3lL:ibbowbUtNPJjcfUjioRefrGuG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
5040	Unicorn-14458.exe
4352	Unicorn-54469.exe
2784	Unicorn-38495.exe
1116	Unicorn-53291.exe
2336	Unicorn-26841.exe
4336	Unicorn-20710.exe
2020	Unicorn-41785.exe
1432	Unicorn-12040.exe
1660	Unicorn-61796.exe
4680	Unicorn-24293.exe
4968	Unicorn-11163.exe
2856	Unicorn-5033.exe
4564	Unicorn-28304.exe
3496	Unicorn-12787.exe
1596	Unicorn-57987.exe
4736	Unicorn-33805.exe
4716	Unicorn-30275.exe
936	Unicorn-54225.exe
3168	Unicorn-10954.exe
728	Unicorn-36135.exe
688	Unicorn-40219.exe
1228	Unicorn-61708.exe
3776	Unicorn-48122.exe
4516	Unicorn-39457.exe
4376	Unicorn-48387.exe
4412	Unicorn-1879.exe
4608	Unicorn-1879.exe
2928	Unicorn-15614.exe
2728	Unicorn-24651.exe
3260	Unicorn-3938.exe
3976	Unicorn-30681.exe
4584	Unicorn-9746.exe
1504	Unicorn-16291.exe
3928	Unicorn-16291.exe
4148	Unicorn-24194.exe
4368	Unicorn-9253.exe
5116	Unicorn-24459.exe
2780	Unicorn-22988.exe
2460	Unicorn-29673.exe
2372	Unicorn-42802.exe
2984	Unicorn-33587.exe
2816	Unicorn-21889.exe
4872	Unicorn-41755.exe
2332	Unicorn-49923.exe
4040	Unicorn-64868.exe
1872	Unicorn-19197.exe
4360	Unicorn-23281.exe
4588	Unicorn-17150.exe
3796	Unicorn-27365.exe
4344	Unicorn-31641.exe
1572	Unicorn-35460.exe
4988	Unicorn-29594.exe
3136	Unicorn-14343.exe
1784	Unicorn-19943.exe
1676	Unicorn-30878.exe
1328	Unicorn-64469.exe
4508	Unicorn-48688.exe
2184	Unicorn-19545.exe
4980	Unicorn-58174.exe
4468	Unicorn-52793.exe
1560	Unicorn-3592.exe
2844	Unicorn-49264.exe
1332	Unicorn-46571.exe
4416	Unicorn-15845.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
5392	5116	WerFault.exe	127
12508	6296	WerFault.exe	260
19032	15888	WerFault.exe	806
8052	6844	WerFault.exe	1018
9464	17444	WerFault.exe	942

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16556	dwm.exe
Token: SeChangeNotifyPrivilege	16556	dwm.exe
Token: 33	16556	dwm.exe
Token: SeIncBasePriorityPrivilege	16556	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3416	6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f.exe
5040	Unicorn-14458.exe
2784	Unicorn-38495.exe
4352	Unicorn-54469.exe
1116	Unicorn-53291.exe
4336	Unicorn-20710.exe
2020	Unicorn-41785.exe
2336	Unicorn-26841.exe
1432	Unicorn-12040.exe
1660	Unicorn-61796.exe
4564	Unicorn-28304.exe
4968	Unicorn-11163.exe
4680	Unicorn-24293.exe
3496	Unicorn-12787.exe
2856	Unicorn-5033.exe
1596	Unicorn-57987.exe
4736	Unicorn-33805.exe
4716	Unicorn-30275.exe
936	Unicorn-54225.exe
3168	Unicorn-10954.exe
1228	Unicorn-61708.exe
688	Unicorn-40219.exe
3776	Unicorn-48122.exe
4516	Unicorn-39457.exe
4412	Unicorn-1879.exe
4376	Unicorn-48387.exe
2928	Unicorn-15614.exe
4608	Unicorn-1879.exe
2728	Unicorn-24651.exe
3260	Unicorn-3938.exe
3976	Unicorn-30681.exe
4584	Unicorn-9746.exe
3928	Unicorn-16291.exe
1504	Unicorn-16291.exe
4368	Unicorn-9253.exe
5116	Unicorn-24459.exe
2780	Unicorn-22988.exe
4148	Unicorn-24194.exe
2460	Unicorn-29673.exe
4760	Unicorn-57707.exe
2372	Unicorn-42802.exe
2816	Unicorn-21889.exe
2984	Unicorn-33587.exe
4872	Unicorn-41755.exe
2332	Unicorn-49923.exe
4040	Unicorn-64868.exe
4360	Unicorn-23281.exe
1872	Unicorn-19197.exe
4588	Unicorn-17150.exe
4344	Unicorn-31641.exe
4988	Unicorn-29594.exe
3796	Unicorn-27365.exe
1572	Unicorn-35460.exe
3136	Unicorn-14343.exe
1784	Unicorn-19943.exe
1676	Unicorn-30878.exe
1328	Unicorn-64469.exe
4508	Unicorn-48688.exe
2184	Unicorn-19545.exe
4980	Unicorn-58174.exe
4468	Unicorn-52793.exe
1560	Unicorn-3592.exe
2844	Unicorn-49264.exe
4416	Unicorn-15845.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3416 wrote to memory of 5040	3416	6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f.exe	87
PID 3416 wrote to memory of 5040	3416	6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f.exe	87
PID 3416 wrote to memory of 5040	3416	6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f.exe	87
PID 5040 wrote to memory of 4352	5040	Unicorn-14458.exe	91
PID 5040 wrote to memory of 4352	5040	Unicorn-14458.exe	91
PID 5040 wrote to memory of 4352	5040	Unicorn-14458.exe	91
PID 3416 wrote to memory of 2784	3416	6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f.exe	92
PID 3416 wrote to memory of 2784	3416	6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f.exe	92
PID 3416 wrote to memory of 2784	3416	6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f.exe	92
PID 2784 wrote to memory of 1116	2784	Unicorn-38495.exe	94
PID 2784 wrote to memory of 1116	2784	Unicorn-38495.exe	94
PID 2784 wrote to memory of 1116	2784	Unicorn-38495.exe	94
PID 4352 wrote to memory of 2336	4352	Unicorn-54469.exe	95
PID 4352 wrote to memory of 2336	4352	Unicorn-54469.exe	95
PID 4352 wrote to memory of 2336	4352	Unicorn-54469.exe	95
PID 3416 wrote to memory of 4336	3416	6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f.exe	96
PID 3416 wrote to memory of 4336	3416	6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f.exe	96
PID 3416 wrote to memory of 4336	3416	6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f.exe	96
PID 5040 wrote to memory of 2020	5040	Unicorn-14458.exe	97
PID 5040 wrote to memory of 2020	5040	Unicorn-14458.exe	97
PID 5040 wrote to memory of 2020	5040	Unicorn-14458.exe	97
PID 1116 wrote to memory of 1432	1116	Unicorn-53291.exe	99
PID 1116 wrote to memory of 1432	1116	Unicorn-53291.exe	99
PID 1116 wrote to memory of 1432	1116	Unicorn-53291.exe	99
PID 2784 wrote to memory of 1660	2784	Unicorn-38495.exe	100
PID 2784 wrote to memory of 1660	2784	Unicorn-38495.exe	100
PID 2784 wrote to memory of 1660	2784	Unicorn-38495.exe	100
PID 4336 wrote to memory of 4680	4336	Unicorn-20710.exe	101
PID 4336 wrote to memory of 4680	4336	Unicorn-20710.exe	101
PID 4336 wrote to memory of 4680	4336	Unicorn-20710.exe	101
PID 2336 wrote to memory of 4968	2336	Unicorn-26841.exe	102
PID 2336 wrote to memory of 4968	2336	Unicorn-26841.exe	102
PID 2336 wrote to memory of 4968	2336	Unicorn-26841.exe	102
PID 5040 wrote to memory of 2856	5040	Unicorn-14458.exe	103
PID 5040 wrote to memory of 2856	5040	Unicorn-14458.exe	103
PID 5040 wrote to memory of 2856	5040	Unicorn-14458.exe	103
PID 3416 wrote to memory of 4564	3416	6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f.exe	104
PID 3416 wrote to memory of 4564	3416	6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f.exe	104
PID 3416 wrote to memory of 4564	3416	6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f.exe	104
PID 4352 wrote to memory of 3496	4352	Unicorn-54469.exe	105
PID 4352 wrote to memory of 3496	4352	Unicorn-54469.exe	105
PID 4352 wrote to memory of 3496	4352	Unicorn-54469.exe	105
PID 2020 wrote to memory of 1596	2020	Unicorn-41785.exe	106
PID 2020 wrote to memory of 1596	2020	Unicorn-41785.exe	106
PID 2020 wrote to memory of 1596	2020	Unicorn-41785.exe	106
PID 1432 wrote to memory of 4736	1432	Unicorn-12040.exe	107
PID 1432 wrote to memory of 4736	1432	Unicorn-12040.exe	107
PID 1432 wrote to memory of 4736	1432	Unicorn-12040.exe	107
PID 1116 wrote to memory of 4716	1116	Unicorn-53291.exe	108
PID 1116 wrote to memory of 4716	1116	Unicorn-53291.exe	108
PID 1116 wrote to memory of 4716	1116	Unicorn-53291.exe	108
PID 1660 wrote to memory of 936	1660	Unicorn-61796.exe	109
PID 1660 wrote to memory of 936	1660	Unicorn-61796.exe	109
PID 1660 wrote to memory of 936	1660	Unicorn-61796.exe	109
PID 2784 wrote to memory of 3168	2784	Unicorn-38495.exe	110
PID 2784 wrote to memory of 3168	2784	Unicorn-38495.exe	110
PID 2784 wrote to memory of 3168	2784	Unicorn-38495.exe	110
PID 2856 wrote to memory of 728	2856	Unicorn-5033.exe	111
PID 2856 wrote to memory of 728	2856	Unicorn-5033.exe	111
PID 2856 wrote to memory of 728	2856	Unicorn-5033.exe	111
PID 4564 wrote to memory of 688	4564	Unicorn-28304.exe	112
PID 4564 wrote to memory of 688	4564	Unicorn-28304.exe	112
PID 4564 wrote to memory of 688	4564	Unicorn-28304.exe	112
PID 3496 wrote to memory of 1228	3496	Unicorn-12787.exe	113

C:\Users\Admin\AppData\Local\Temp\6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f.exe
"C:\Users\Admin\AppData\Local\Temp\6a79df63753c0114943f89841bd8243fd21e2077358829a56f22fb3d9f40327f.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54469.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29673.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13898.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        9⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
        9⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9775.exe
        8⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
        8⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        8⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57598.exe
        7⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36981.exe
        8⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        9⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60974.exe
        9⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        9⤵
        
        PID:16696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        8⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2753.exe
        8⤵
        
        PID:14952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45339.exe
        8⤵
        
        PID:18952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25840.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1010.exe
        7⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
        7⤵
        
        PID:17800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
        7⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
        6⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34677.exe
        7⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        8⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50274.exe
        9⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
        9⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10491.exe
        8⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
        9⤵
        
        PID:17056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36386.exe
        8⤵
        
        PID:16060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        7⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        7⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        7⤵
        
        PID:17620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9404.exe
        7⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22242.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
        8⤵
        
        PID:17040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49708.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        7⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55386.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
        6⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39902.exe
        6⤵
        
        PID:18012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        6⤵
        
        PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61729.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        8⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        9⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        8⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        8⤵
        
        PID:17536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
        7⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        7⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        7⤵
        
        PID:16656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exe
        7⤵
        
        PID:19132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
        7⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        6⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
        8⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
        8⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        8⤵
        
        PID:17116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54098.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57596.exe
        8⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19526.exe
        8⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        7⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        7⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
        7⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59631.exe
        6⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        7⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        7⤵
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe
        6⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
        6⤵
        
        PID:16316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15195.exe
        6⤵
        
        PID:9412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29594.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
        7⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20553.exe
        7⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        7⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        6⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        7⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        7⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        7⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
        7⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        7⤵
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
        6⤵
        
        PID:15144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
        6⤵
        
        PID:19052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        6⤵
        
        PID:19412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50987.exe
        6⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-528.exe
        7⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64451.exe
        7⤵
        
        PID:16184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        6⤵
        
        PID:16892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35185.exe
        6⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63689.exe
        5⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        6⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        6⤵
        
        PID:14756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        6⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15773.exe
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        5⤵
        
        PID:17676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61708.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
        7⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58989.exe
        8⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        9⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
        10⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        10⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
        9⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        9⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
        8⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24457.exe
        9⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        9⤵
        
        PID:17380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45880.exe
        9⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
        8⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
        7⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 716
        8⤵
        Program crash
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59639.exe
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
        7⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
        7⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13735.exe
        8⤵
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39038.exe
        8⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36890.exe
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        7⤵
        
        PID:17612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14706.exe
        6⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
        7⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59407.exe
        7⤵
        
        PID:15988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42344.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25694.exe
        6⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12881.exe
        6⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        6⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40925.exe
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34677.exe
        7⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
        8⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        9⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38010.exe
        9⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        9⤵
        
        PID:16880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
        9⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        8⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        8⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3207.exe
        8⤵
        
        PID:19336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
        8⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33966.exe
        8⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16189.exe
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
        8⤵
        
        PID:17064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
        7⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        7⤵
        
        PID:17592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20285.exe
        7⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57141.exe
        7⤵
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2642.exe
        6⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        7⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38088.exe
        7⤵
        
        PID:17992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
        6⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        6⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        6⤵
        
        PID:17520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4526.exe
        6⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52391.exe
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2344.exe
        8⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        8⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11069.exe
        8⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        7⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        7⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        7⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33677.exe
        6⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        6⤵
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        6⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11599.exe
        6⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        6⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        6⤵
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        5⤵
        
        PID:10312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
        5⤵
        
        PID:16320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        6⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31553.exe
        7⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
        8⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        8⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        7⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
        7⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
        6⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20243.exe
        7⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
        7⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49718.exe
        6⤵
        
        PID:11060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        6⤵
        
        PID:17452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24453.exe
        6⤵
        
        PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21443.exe
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42819.exe
        6⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        7⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        7⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51352.exe
        6⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51140.exe
        5⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe
        6⤵
        
        PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
        5⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15104.exe
        5⤵
        
        PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19820.exe
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63465.exe
        7⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        7⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        7⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8981.exe
        6⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
        7⤵
        
        PID:17000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37694.exe
        7⤵
        
        PID:19440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
        6⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        6⤵
        
        PID:17552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
        5⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        5⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        5⤵
        
        PID:17896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe
        5⤵
        
        PID:19168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        5⤵
        
        PID:7812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40547.exe
      4⤵
      PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
        6⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        6⤵
        
        PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60787.exe
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
        5⤵
        
        PID:13924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54503.exe
        5⤵
        
        PID:15880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52740.exe
      4⤵
      PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
        5⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        6⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        6⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
        5⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        5⤵
        
        PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56492.exe
      4⤵
      PID:10384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
      4⤵
      PID:1280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57987.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64469.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        7⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
        8⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        9⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        9⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
        8⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39319.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        7⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
        7⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
        7⤵
        
        PID:17600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8999.exe
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        7⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        7⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6538.exe
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        7⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe
        7⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30092.exe
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
        6⤵
        
        PID:16216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55430.exe
        6⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32949.exe
        6⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
        8⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48620.exe
        8⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        7⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        7⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
        6⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        6⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
        6⤵
        
        PID:17692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        6⤵
        
        PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe
        5⤵
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe
        6⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        7⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        7⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        6⤵
        
        PID:12376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        6⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
        5⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        5⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        5⤵
        
        PID:17788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12673.exe
        6⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
        7⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        8⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        8⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
        7⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
        7⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe
        6⤵
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
        6⤵
        
        PID:17636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
        6⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60123.exe
        7⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
        7⤵
        
        PID:19044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        7⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8618.exe
        6⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        5⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        6⤵
        
        PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        5⤵
        
        PID:11180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
        5⤵
        
        PID:17808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
        5⤵
        
        PID:11816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7100.exe
        5⤵
        
        PID:19204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        5⤵
        
        PID:884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31387.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe
        7⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38242.exe
        7⤵
        
        PID:19248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        6⤵
        
        PID:11252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
        6⤵
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
        5⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
        5⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        5⤵
        
        PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
        5⤵
        
        PID:8912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        5⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        6⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55126.exe
        7⤵
        
        PID:16864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        7⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 280
        8⤵
        Program crash
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
        7⤵
        
        PID:19364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        6⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        5⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
        5⤵
        
        PID:12952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8199.exe
      4⤵
      PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        5⤵
        
        PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3866.exe
      4⤵
      PID:11384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
      4⤵
      PID:16272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
      4⤵
      Executes dropped EXE
      PID:728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58823.exe
        6⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17957.exe
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        8⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        8⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        8⤵
        
        PID:16732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        8⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        7⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10926.exe
        7⤵
        
        PID:14180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        7⤵
        
        PID:17604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44720.exe
        7⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
        6⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
        7⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        7⤵
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        6⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
        7⤵
        
        PID:17096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29717.exe
        7⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        6⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60743.exe
        6⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36597.exe
        7⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        8⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
        8⤵
        
        PID:16424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48042.exe
        7⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
        7⤵
        
        PID:19292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
        6⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52204.exe
        6⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        6⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33014.exe
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        7⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        7⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        7⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
        7⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63994.exe
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe
        6⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
        6⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        5⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        6⤵
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
        6⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27003.exe
        5⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        5⤵
        
        PID:17936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42802.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
        5⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        6⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16177.exe
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5302.exe
        8⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53299.exe
        8⤵
        
        PID:13480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        8⤵
        
        PID:16872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
        7⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        7⤵
        
        PID:17428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
        6⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
        6⤵
        
        PID:13128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        6⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        6⤵
        
        PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        6⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        6⤵
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        6⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
        5⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        5⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
        5⤵
        
        PID:17920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
      4⤵
      PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
        5⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
        7⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        6⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        6⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44955.exe
        6⤵
        
        PID:19040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
        6⤵
        
        PID:10576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        5⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        6⤵
        
        PID:14624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        6⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        5⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        5⤵
        
        PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe
      4⤵
      PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40873.exe
        5⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62915.exe
        6⤵
        
        PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        5⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        5⤵
        
        PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
      4⤵
      PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58857.exe
        5⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32572.exe
        5⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        5⤵
        
        PID:8808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
      4⤵
      PID:10744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
      4⤵
      PID:17412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27365.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59783.exe
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62279.exe
        6⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        7⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42302.exe
        7⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
        6⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        6⤵
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        6⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
        5⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        5⤵
        
        PID:17444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17444 -s 412
        6⤵
        Program crash
        
        PID:9464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        5⤵
        
        PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        5⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        5⤵
        
        PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23510.exe
      4⤵
      PID:8704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
      4⤵
      PID:11004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
      4⤵
      PID:16604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36981.exe
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
        6⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        6⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        5⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe
        5⤵
        
        PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
      4⤵
      PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43694.exe
        5⤵
        
        PID:12900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
      4⤵
      PID:12960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
      4⤵
      PID:1352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
    3⤵
    PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
      4⤵
      PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        5⤵
        
        PID:14888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe
        5⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34623.exe
        5⤵
        
        PID:19316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
      4⤵
      PID:12104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
      4⤵
      PID:16776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
      4⤵
      PID:8012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
      4⤵
      PID:6300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3835.exe
    3⤵
    PID:8592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11308.exe
    3⤵
    PID:11144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8952.exe
    3⤵
    PID:17960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38495.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38495.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33805.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30681.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52793.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3867.exe
        8⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
        9⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8618.exe
        10⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        10⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11445.exe
        10⤵
        
        PID:17664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37159.exe
        9⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13256.exe
        9⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        9⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        8⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        9⤵
        
        PID:13892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        9⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        8⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        8⤵
        
        PID:17928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25911.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        8⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        8⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        8⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58321.exe
        7⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        7⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
        7⤵
        
        PID:17832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49264.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        7⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47121.exe
        8⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7899.exe
        9⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
        9⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        9⤵
        
        PID:16452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        9⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
        9⤵
        
        PID:16076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62980.exe
        9⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
        8⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
        8⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43953.exe
        8⤵
        
        PID:17972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41876.exe
        8⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        8⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        9⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        9⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
        8⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27423.exe
        8⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        7⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        7⤵
        
        PID:17628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9404.exe
        7⤵
        
        PID:11956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        7⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        8⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        8⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
        7⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
        7⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        6⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        6⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe
        6⤵
        
        PID:17852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
        8⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
        9⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        9⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        8⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
        8⤵
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3975.exe
        8⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
        7⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        8⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55323.exe
        8⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
        7⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
        7⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44962.exe
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        7⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63345.exe
        7⤵
        
        PID:15172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51140.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18425.exe
        6⤵
        
        PID:14288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
        6⤵
        
        PID:17584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
        5⤵
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45585.exe
        6⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        7⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        8⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        8⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        7⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        6⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
        7⤵
        
        PID:17300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
        6⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        6⤵
        
        PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        6⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        6⤵
        
        PID:12984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        6⤵
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7411.exe
        6⤵
        
        PID:19064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
        5⤵
        
        PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe
        5⤵
        
        PID:17844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe
        5⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        5⤵
        
        PID:18664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        8⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43414.exe
        9⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50321.exe
        9⤵
        
        PID:18000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        8⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        8⤵
        
        PID:17528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
        7⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        7⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
        8⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        7⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        7⤵
        
        PID:16364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        6⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        6⤵
        
        PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        5⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60743.exe
        6⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
        7⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
        7⤵
        
        PID:19052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        6⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
        6⤵
        
        PID:13564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
        6⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53819.exe
        5⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12860.exe
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        7⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        7⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        6⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27423.exe
        6⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        6⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24114.exe
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55147.exe
        6⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43731.exe
        5⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
        5⤵
        
        PID:17476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22988.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15653.exe
        5⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41885.exe
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48849.exe
        7⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22625.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14321.exe
        8⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27538.exe
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
        7⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5494.exe
        7⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30135.exe
        6⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
        7⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        7⤵
        
        PID:14036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        7⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51663.exe
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57819.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58431.exe
        6⤵
        
        PID:19348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16177.exe
        6⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24265.exe
        7⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        7⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
        6⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
        6⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        5⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        5⤵
        
        PID:13596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
        5⤵
        
        PID:17420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18594.exe
      4⤵
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65403.exe
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
        6⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29911.exe
        7⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        7⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
        6⤵
        
        PID:12164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        6⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28249.exe
        5⤵
        
        PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35109.exe
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        5⤵
        
        PID:17344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24853.exe
        5⤵
        
        PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57625.exe
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        5⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        5⤵
        
        PID:14852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9404.exe
        5⤵
        
        PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40303.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7862.exe
      4⤵
      PID:15156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
      4⤵
      PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
      4⤵
      PID:16820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24459.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 632
        6⤵
        Program crash
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
        6⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57435.exe
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-528.exe
        8⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50445.exe
        8⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4591.exe
        7⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        7⤵
        
        PID:16672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27538.exe
        6⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        6⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        5⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14539.exe
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
        6⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
        5⤵
        
        PID:10468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        5⤵
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
        5⤵
        
        PID:19388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4284.exe
        5⤵
        
        PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9253.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15653.exe
        5⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
        6⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        6⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
        8⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
        8⤵
        
        PID:14648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        7⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
        7⤵
        
        PID:16200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31618.exe
        6⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        7⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        7⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
        6⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
        6⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
        6⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        7⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        7⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18478.exe
        7⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
        6⤵
        
        PID:10584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44502.exe
        6⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        5⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30414.exe
        5⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
      4⤵
      PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        6⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        7⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        7⤵
        
        PID:15160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        6⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe
        5⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63345.exe
        5⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
        5⤵
        
        PID:9864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54723.exe
      4⤵
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56908.exe
        5⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7928.exe
        6⤵
        
        PID:13720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        6⤵
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
        6⤵
        
        PID:11824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
        5⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        5⤵
        
        PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        5⤵
        
        PID:10696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
      4⤵
      PID:7436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27195.exe
      4⤵
      PID:12912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe
      4⤵
      PID:17860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        5⤵
        Executes dropped EXE
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        7⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
        8⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
        8⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
        8⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        7⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1575.exe
        7⤵
        
        PID:16020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        6⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        6⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        6⤵
        
        PID:17568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16177.exe
        6⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33564.exe
        7⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
        7⤵
        
        PID:16208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        6⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        6⤵
        
        PID:14888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
        5⤵
        
        PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        5⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        5⤵
        
        PID:17888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59570.exe
      4⤵
      PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64443.exe
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        6⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        7⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        7⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
        7⤵
        
        PID:16908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5761.exe
        7⤵
        
        PID:19000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48954.exe
        6⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
        6⤵
        
        PID:11660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
        5⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62902.exe
        5⤵
        
        PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53819.exe
      4⤵
      PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9220.exe
        5⤵
        
        PID:9140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44502.exe
        5⤵
        
        PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14082.exe
      4⤵
      PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        5⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16777.exe
        5⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        5⤵
        
        PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
      4⤵
      PID:14064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
      4⤵
      PID:17872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24194.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30043.exe
      4⤵
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        6⤵
        
        PID:16952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        6⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8985.exe
        5⤵
        
        PID:9884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe
        5⤵
        
        PID:13936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        5⤵
        
        PID:16760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35122.exe
      4⤵
      PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
        5⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54337.exe
        6⤵
        
        PID:15888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15888 -s 464
        7⤵
        Program crash
        
        PID:19032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
        5⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
        5⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16962.exe
        5⤵
        
        PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
      4⤵
      PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
      4⤵
      PID:8836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
      4⤵
      PID:17560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
    3⤵
    PID:1144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
      4⤵
      PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13249.exe
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe
        5⤵
        
        PID:8552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61929.exe
        6⤵
        
        PID:16332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        5⤵
        
        PID:17164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20578.exe
      4⤵
      PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54400.exe
        5⤵
        
        PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50834.exe
      4⤵
      PID:11820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
      4⤵
      PID:17644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
      4⤵
      PID:10104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
      4⤵
      PID:4788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61811.exe
    3⤵
    PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
      4⤵
      PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36579.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        5⤵
        
        PID:868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
      4⤵
      PID:12524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
      4⤵
      PID:17224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
    3⤵
    PID:8668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
    3⤵
    PID:6272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
    3⤵
    PID:17948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20710.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20710.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24293.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        7⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        8⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        8⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52318.exe
        7⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
        7⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
        6⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
        7⤵
        
        PID:17240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21654.exe
        7⤵
        
        PID:18880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
        7⤵
        
        PID:13944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        6⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        6⤵
        
        PID:16780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55756.exe
        6⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
        7⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        7⤵
        
        PID:17288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        6⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        6⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49150.exe
        6⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47763.exe
        5⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30284.exe
        5⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
        6⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        5⤵
        
        PID:17980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64868.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19244.exe
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        6⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        6⤵
        
        PID:13320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        6⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
        5⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        6⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
        6⤵
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45607.exe
        5⤵
        
        PID:11900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        5⤵
        
        PID:17512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
      4⤵
      PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
        6⤵
        
        PID:14724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34902.exe
        6⤵
        
        PID:15700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
        5⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        5⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14228.exe
        5⤵
        
        PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
      4⤵
      PID:7344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        5⤵
        
        PID:13984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        5⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
        5⤵
        
        PID:12044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
      4⤵
      PID:11392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
      4⤵
      PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
      4⤵
      PID:7260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25091.exe
        6⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        7⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        7⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16777.exe
        7⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
        6⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32329.exe
        6⤵
        
        PID:16164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        5⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
        6⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26132.exe
        6⤵
        
        PID:17028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        5⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        5⤵
        
        PID:17956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        5⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
        6⤵
        
        PID:17120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
        6⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        5⤵
        
        PID:13520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        5⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        5⤵
        
        PID:14200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
      4⤵
      PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21129.exe
      4⤵
      PID:12564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
      4⤵
      PID:17504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17150.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61729.exe
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37500.exe
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        6⤵
        
        PID:9564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
        6⤵
        
        PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44586.exe
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        5⤵
        
        PID:17496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10146.exe
        5⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62069.exe
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        6⤵
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
        5⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        5⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe
        5⤵
        
        PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
      4⤵
      PID:8864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
      4⤵
      PID:11208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
      4⤵
      PID:16660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
    3⤵
    PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23385.exe
      4⤵
      PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
        5⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
        5⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        5⤵
        
        PID:16404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2759.exe
      4⤵
      PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
      4⤵
      PID:13100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
      4⤵
      PID:4844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
    3⤵
    PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
      4⤵
      PID:1360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
      4⤵
      PID:1636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46525.exe
    3⤵
    PID:10532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
    3⤵
    PID:8692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40219.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21059.exe
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4910.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33564.exe
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
        6⤵
        
        PID:724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39489.exe
        5⤵
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
        5⤵
        
        PID:15196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6538.exe
      4⤵
      PID:7576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23703.exe
        5⤵
        
        PID:12880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        5⤵
        
        PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26662.exe
      4⤵
      PID:12308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
      4⤵
      PID:17820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
      4⤵
      PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
      4⤵
      PID:19200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
      4⤵
      PID:4732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33883.exe
        5⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        6⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        6⤵
        
        PID:14304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        6⤵
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        5⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        6⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17719.exe
        5⤵
        
        PID:8696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
      4⤵
      PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        5⤵
        
        PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19950.exe
      4⤵
      PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
      4⤵
      PID:17544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
    3⤵
    PID:5872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
      4⤵
      PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4866.exe
        5⤵
        
        PID:12548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        5⤵
        
        PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
      4⤵
      PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
      4⤵
      PID:1168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
    3⤵
    PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
      4⤵
      PID:10336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11576.exe
      4⤵
      PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42774.exe
      4⤵
      PID:12724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31732.exe
    3⤵
    PID:11204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
    3⤵
    PID:17436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31641.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-826.exe
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
        6⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        7⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
        6⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        6⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
        6⤵
        
        PID:19268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
        5⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        5⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        5⤵
        
        PID:17468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-971.exe
      4⤵
      PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20243.exe
        5⤵
        
        PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
        5⤵
        
        PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
      4⤵
      PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe
      4⤵
      PID:15936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
    3⤵
    PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36981.exe
      4⤵
      PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        5⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        5⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47504.exe
        5⤵
        
        PID:10616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10491.exe
      4⤵
      PID:11340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
      4⤵
      PID:4172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31706.exe
    3⤵
    PID:8516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
    3⤵
    PID:10784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
    3⤵
    PID:18000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14343.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14343.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14427.exe
    3⤵
    PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30183.exe
      4⤵
      PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        5⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
        5⤵
        
        PID:14652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
      4⤵
      PID:10448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
      4⤵
      PID:15456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
    3⤵
    PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
      4⤵
      PID:16496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
      4⤵
      PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12559.exe
      4⤵
      PID:13872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
    3⤵
    PID:11452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43482.exe
    3⤵
    PID:16416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
  2⤵
  PID:5924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
    3⤵
    PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
      4⤵
      PID:9220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
      4⤵
      PID:14664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
    3⤵
    PID:11196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
      4⤵
      PID:16968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
    3⤵
    PID:15296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
  2⤵
  PID:6376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
    3⤵
    PID:14872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
    3⤵
    PID:2660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
  2⤵
  PID:11376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
  2⤵
  PID:3884
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe
  2⤵
  PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5116 -ip 5116
1⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6296 -ip 6296
1⤵
PID:11568

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 17376 -ip 17376
1⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 3668 -ip 3668
1⤵
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 17444 -ip 17444
1⤵
PID:11696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe

Filesize
468KB

MD5
8ff39754ce7c9e4200ffbc6396895ead

SHA1
dd3210b7aa2c6093329bf8833f8a3ecb7d5e2b89

SHA256
c17458c07470ab9cb2f32c05c1474968d866936b601d0876fd16a4816ca02661

SHA512
51177be10139f6eabf246455c7f3760e4ec26a8e25c3482b6097c7983e4d94f2b880001f878130f24f2e6eb7634bbfd5c605a5e19a20dd41c9a8d705ef3b8a3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe

Filesize
468KB

MD5
31ba66dad39f6fc7d5253aa54027c770

SHA1
ca9c441d4fd29da863f972fbcfa860354c4eeaea

SHA256
fe4f434d6122875a18a1770cbbd7dc4bf3017ce1d3345e848e1573862feafa20

SHA512
df8fa9b9e172faf171ac03013bfcdd2b3f23871093fb4b28f902e795b0f726952bd7478d6b47a877a50439bd45077ad2b3fb6df55576314453befbe0f238000f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe

Filesize
468KB

MD5
29953c1365ec1c726339135f044d608a

SHA1
e9686aa60dee85a8c28f1e9c9be0edd73e217f20

SHA256
8d173f8b063982f1471a1ccded3ad12b21cdd79399307fe65432d83c75f5b030

SHA512
a8994f9f44b8559fc3925633d9e4d216099c119ec02cd75a1992b28b42ba97952e423ec835b3384c6cf80cb520955fcdd824dcce7a0c58d5b860fccec3243046

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe

Filesize
468KB

MD5
169c728c87b24207b911ffaec6758aa0

SHA1
3aabf494b63c0d17a654d3253985ea86f695f05a

SHA256
0586562a10c26c2cdf5d83dee7468240e598c74c7c075ac188298f2624d634cb

SHA512
20bb4aa280982f799d7c5ea7494b845e8b2d0ce2b1810f3690f6f96f8f1fe797cd7dbf92586f3da133f9243d7c6a101d8491be0741053d4995945004581a3b56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe

Filesize
468KB

MD5
309a88ca51e9fadb370e9f7045cb26b6

SHA1
114a7a11ffade990c668d3675632854ebee90680

SHA256
81041e433d87163b3f8cb160cb90f73f5aae5102831f87f9bc6458450867532a

SHA512
19d6b8bbeda06c4d4c54f4f7e95bf3701e3bd7c195e1843025e4e16c3df4433c981d84f61529892473df4570db9e5d145a4d115fce2ec069feb58832ab149590

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe

Filesize
468KB

MD5
2a7e684a914724ee67d46f5d2015683d

SHA1
9729d7d1b0fa4ace118dbbdabb77929c3b6a4be2

SHA256
cba8ce76591d8e0812936825b2964e2cff3418d8e24ccd80a04882a1acfc3250

SHA512
979a5d4aa575a8496621d3b212b8467fe142a4313d77e9bc72c2509913b4ac98fcaab62b7f38883c78c686004cce730f0849247eff27be2f7de7d8d8b7e3dc61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe

Filesize
468KB

MD5
6e6ae066ddf2037c5b48ebadb458c5ab

SHA1
df896353a1e9f430ce08b7895c585ecd25ceab48

SHA256
e1c0a3d9488477b82aa835696b5f415030ec5ebe534fbba4adff52234b44bde0

SHA512
82778b60d3e2daf1ce403be6e4d455294daae27610122289bc1d5a2b7a72dac5c6a05916752ea0f0b57f884938960c6ba5042f165d6201f3aed6788d5d5fab82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20710.exe

Filesize
468KB

MD5
dd4ba011c52a71e6144348e2f4f5e6c3

SHA1
e0a8e418c4e495c04d86e25d1ddbfc1fac8ab6c9

SHA256
8a8ee173b7578a0a494acecd2f0e51bcd0a7553a2a6dca666a8e6072cd554a0f

SHA512
28649a0675327c7f6fc5593909e35a10b8c8559ef8c9dcbfd7f8cff4072ed8286b4e79569705a76ab9f33b9e824f43a6460e7fff5c3f8aeaa6e0760219368ef2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24293.exe

Filesize
468KB

MD5
d3f5cc48447ac19dc82aa22c9e9aaee4

SHA1
fcd01a32de2b299bd3a6dec77d89b8e8c8921ef1

SHA256
7644f20f8b9bd3f3ef7247b22ad9b823903354b6881f808995a48885cad9ceeb

SHA512
6e017abfcdcfb401db93e9f2c1636af488762e91e65863cd697e914006bc212cf5a1d4f6736344f0e2e970e8dabeb254283872866aebdb5db2dc50606993f6c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe

Filesize
468KB

MD5
08b45133263c37bc1da22353e12f103c

SHA1
a07373392be115e488888eecb70d0027c23ec674

SHA256
786eb4d5267bceee030160d7e47e8f71c84c0cac3c19bca45437fb99770fc786

SHA512
d02c6c3ff497092059c44189dd737549fcf97a24a5532061dd21b3d4761efb1b6cb3366822556d92a4f29fcb80d865eda2cb7a9e6a06ddce567ff57e7f51e9d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe

Filesize
468KB

MD5
08c68fb205ac2fe1259c3cbaaa78b0a4

SHA1
9f7deb22a6521ad45b4ee863bc9f84f9e8bfe59c

SHA256
190f651417601cc9fb393b61befc8eeaba58e16765ad75b3b03057a315da6dd0

SHA512
fbd8aa147503cccb2ce688036a2d96510b4fce108fe00dc1399985201c9dc109e0e1a8cb0547cdddb631b138194661fb97d6722bc3d69930d79dd0fd6858fcf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe

Filesize
468KB

MD5
ef51758e0ed5f7bb3598704761762452

SHA1
f7c55368a460218d144abfa7466490b6aa787831

SHA256
4a2e9f7b806d6314bf0b0f66ac13f400be5ddd90693a2cac3516f08c9809d230

SHA512
54fbd568854b601ada5545ebb2a5aa9be5f166e42291648b28ad6782b7c323e4416303bc5ab35907801f159defc2f9cfdb35b2316764271cb34eb18e83405731

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe

Filesize
468KB

MD5
7ca5213725c0d1f817566c1257b2bf5c

SHA1
02878193b9b90385378ed0466b756d684c07fc71

SHA256
7d97746d6b41c97177b62ca6c655ce737a3a8801c7ed129e907fe995d84421ab

SHA512
6c83484a30938e7d8001db08ed44752d04a97da29ab28ce0b15f0e6b57489cbe5e2c6571acacd6851e60378f8c2e5e333b41db031a4afe7bf35bb8ad40d5b6ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30681.exe

Filesize
468KB

MD5
a84a6ae82fd5d572ee003e21dcaf6000

SHA1
83bb83a8b63fcdbea02e448eceb1e1d785e8d0f2

SHA256
90bb83c61f9f6c167986b8cf992340ee710822167f66efd562bc773bd43aea6b

SHA512
a4eae283dceeade7c8a3bc01da64452099498de27ca8724b39fe88943dea49e709dc37a2c49dad6b55177eb3f25bfa3252b57e8e0e6253aac05ddfc0510c0bfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33805.exe

Filesize
468KB

MD5
a42a5e8a0e399aa68067c4acd64599eb

SHA1
346816eead7c9fc244ccadb9a5e9812425343ec6

SHA256
1eba8ffacd1966c53f296e776190fc453cbcd76021a0cede140915ed15b4dea1

SHA512
e6cf4c34c6c6d26f847e38745203e12349f10701005d4dcff30e2c5e5b1064589a3c9ac37f0a3aa542c6ff38be35181b9192df2d232d98724725fa67d362cc61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe

Filesize
468KB

MD5
e0032a0d6ebfca132c27ebba0b6c2625

SHA1
57cdf4c975e86e5ee8f9884040291d295328e1af

SHA256
96bb2fc4ab495e30bc5b9ae821233892068b7ac3874f13511988cda13eed121b

SHA512
ecff0cf707ca70c264d7bcc517214808d3df5addc226a0c76758be750daae3362be18e1a1d16f4594dd784a774602c04f2a5f7ddaa605c245adc0d9a1d330bf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37536.exe

Filesize
468KB

MD5
862c096751be0d10020d810c88920c6d

SHA1
ec2e6d9694ae6760ff87891a3082c0b4b1822eff

SHA256
fe71c25a0152509056737251fec7e83c99b755639bad2adee5ebda7ade7ff10a

SHA512
11f3b316c62aaaabdf6549691022d633662b569a5e22ee11159416bda46bf15d732442f609580c9ce044b2df1ec2483f61daa4c95f6f27125bef08d39e324c77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38495.exe

Filesize
468KB

MD5
6f268f0b9119076abb39b67d70c04a6e

SHA1
67795b1eb23d22703789dda34f456bfca2dd5325

SHA256
549653499e61f8f80f901b93c29af4d9a6d17aa261d61b4d4175f201e0d3944b

SHA512
52e8e4141d4eddcfd46e25658249b7d02cb54a2f164587f33e030907ff2f96b00b68c9fa919bd7d54b87f827cb6141f27f43d40365645805a488fb05353c02d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe

Filesize
468KB

MD5
0d195d2cc4500f263849ce74a715363b

SHA1
81a9990f9da78f56bd56e78f9e034cbf8fc6815c

SHA256
3584244a79d8974abf308d370b3201c321ac7a7d919c1a6e55f45abba02b70ab

SHA512
57b4c9e033db78ac9b4ab3f39ae087c66399c952025667be3a77d4ebe182448b4d5e1305b1a42e2de9406312960361c7d91ef229588f28df21395da4b88d9fcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe

Filesize
468KB

MD5
f93ab0aaa8bec9eb8b9d308e89687301

SHA1
85a16cfa661b69ea4b33c8a74c1e525e15056d5c

SHA256
496f521f547c6363107a520df2efe1475eb35456da7b97bd1e14df1af64b6801

SHA512
87b5a8b809513470adac707b590c9aea32040fe6638c444bc6c24fe8fecf1c1a0bff6ed56de29abaa129dc25ff309a553bc5c1dc9589f416d444d8399d57112a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40219.exe

Filesize
468KB

MD5
bc18c82d0e7ceae12385dbad63ede79c

SHA1
919af98d483620b95f88f0220a52717f14d1cd6d

SHA256
28b1d410d9d766885d6196fdda2210d75ddca664ffd59694371df8a7f50dedd7

SHA512
7b348f5c6ccea7cef8db6a07823e862e9ef951a12ae136b0e86b4c2e3f42ac5b905ea3ecaf6483f2875300511045f423fa7f86187173e4d62f39b03eff31b896

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe

Filesize
468KB

MD5
7189527162424ec573eb59291ea43de2

SHA1
010f098214e7814c3297fe3ca9dde4fd95ae570e

SHA256
3fcd45587378ac096ecda45c88d1ad5dbd7be31bd1b063f5e8f07b260254b4a0

SHA512
8fe2d4b67052fbbaf22d1bf9f3cf7fbd95f4b52e31ed0380b0c09439a8b445418eeaacb792207b9c30d9ea7d3cc50329ad80070d2eeb1b8ac0e0f3b7e9afdf31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe

Filesize
468KB

MD5
d7d178af1f75192f1667526cf634676d

SHA1
ed3679f58d37ecc8d2c522909648d70e75ab8de4

SHA256
d5263ddb81573b34b6659206c99b260456a141404562dd61a90eff9fd112c970

SHA512
dccd555a282a3f0443f57479f976a3a4acf99c4b924a119ebe586cf7dd0c8177ab8403d7ed677d1cfad8f6b9cba14187c1e871b6ebab682824a04e97fb564c5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe

Filesize
468KB

MD5
b556cb533dbf05d90ea2763401ad94de

SHA1
a119df92a03d7646b0c94d9fe76ec6d42cc2ff5b

SHA256
2ab042281be700a7bec64b9fc29dff09e94066e67784302d7efbc0caf1a415e3

SHA512
24f5e740b01b5ced5278be4dce8e72cc0cd5b05e124cd801ef455cbc4f636da5a5cc02e7132236918c4904763c175f5f9685c0e3d6a71eea4d66ba17df14335e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe

Filesize
468KB

MD5
11fabd65d4ad10e775907f0cd8579869

SHA1
f82cfc7814cd4c2c3986e021de1ec5c7656ff778

SHA256
4eb12bfa67b931c87e0426aed8654010addb1bd20d21417862cfa92f49c3bf44

SHA512
7e81a5e651cf50ccc9dd5bed186a1ae978191862bfcfe08dac5934537435d6b9dc348c34358ac9184d37a2a842374227ffa71d0a9b730a61efe2e32922744ec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe

Filesize
468KB

MD5
8bc8fe1a9f8eab0612bcbd54abdedc0f

SHA1
226fda8a2dbdbd96dfa22106676f3ce79b13813c

SHA256
5a864bdda9ba24717bbefcf013d3f695a87a3d557d2200f441f71916f8d6fe31

SHA512
4921cb05754f313c0b06a69a19baae5b81b90aa735ffa1cd1b4de2199da6b290a21bd806968c58f463e94bd03e42ebc8ea98b9111aafbb0668ab844aea41bed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe

Filesize
468KB

MD5
ab00c31a0afe8fa39cff009ec2c41037

SHA1
e33dab6e46f515e21c89dd519b77000f40ac8af7

SHA256
45639a1baa87fe2af2dcc86253d3ca0f362eb5948d86801ee6f8898fc1354e8c

SHA512
f899ed53fe73e47e103d1a23eeeae0d2bd149845a4a7de214fd6613a7e39beec197656c5a4f261233e77bc99f224248992f98cde9c4ddb40924fda7558c5bbeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54469.exe

Filesize
468KB

MD5
dc78bb5c3fc4d65c8455b443b3f84170

SHA1
593a8b6fbac724171475b0a250577ff3f6a47cca

SHA256
987bc9819a2b2df6dfe44417bc1b775e8a9358b44654ba4235dbdda0c33d2500

SHA512
948cfa2ebf42a908357a5a1d8ba2571befc901fbbc60bd5068fcdb11afcf5a884e5dc936d2e91ff8d1e778bfd0889c3c2b3726bfc22f4af883a811a6e816d2e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57987.exe

Filesize
468KB

MD5
442ac00a131b0d0c2a894cffb85fec1f

SHA1
7d8259e149c50daedbd2b1e73692e0c65cf14ab3

SHA256
f49449a7688ef3c74c6ff590040c1ad8051437bf3beb89e15f8d24b8c356c3d6

SHA512
97502ff81baec366cffcab9a4bcea5c2b529e8881e2309e5ea837c410646f78439e08fb740aff308514f8b4d778e39216f8375ea77ac04e9f6dc1dad0b1c8dfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61708.exe

Filesize
468KB

MD5
f56f463bf904083953fe6a663abbfa3a

SHA1
a8c8e9a2ffb102c56156478b0361b5296aa28d2c

SHA256
cdbefbeb83c4766da22b3dcb853842d5e2438fcc47eee07640df51e8ffc90f41

SHA512
8861f5f51f3c86a5bfa3f300d85370119956e6d02f26ecb5da10bd7a30b83c89aa61b63153f33231112aa7ff78a8b8c47d7f03a87c1c61abed72abd95429699d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe

Filesize
468KB

MD5
788341f8684f55b86fc85c6128d0fe41

SHA1
559fd37d51899fcfcbb8ae249ed4243887db2993

SHA256
5add63d44157975943fffab333fd16dad340aadca02070c1620bfbfcb6e20c8f

SHA512
413ed742f34d840d8767ab080c2e1688cf8716519c25e04630604cb71e88ff68b034bdd3c5ad4fc0b3dd6788f6b0db5d6984303ff71ff2cce96a308847c44cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9746.exe

Filesize
468KB

MD5
d64363d2582969088e9ac15c6e1d61f0

SHA1
50ff59d18a87fa07d6d9612021f38a98e933fd97

SHA256
0f751b3f798d1ee9294721e8e6226a5f8e8ba9fe103592c0e96d4225338a631d

SHA512
4bcc34897a3545cb6bd1e17ee87eae82ba74a5790eddfdf7cd451baa93be17e56ada3f01abb0be23b177e036a68b6901059aa44eb9697aa1dbea6eb2a3c5111a

Download Submit
memory/688-146-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/728-142-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/900-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/936-128-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1116-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1144-436-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1228-158-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1328-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1332-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1432-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1504-226-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1560-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1572-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1596-106-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1660-61-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1676-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1708-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1724-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1784-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1872-305-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2020-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2184-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2332-294-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2336-38-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2372-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2460-253-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2476-438-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2728-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2780-244-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2784-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2816-273-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2844-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-84-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2928-193-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2984-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3036-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3136-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3168-136-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3240-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3260-205-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3332-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3368-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3416-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3484-4953-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3496-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3668-4954-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3728-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3776-168-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3796-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3872-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3976-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4040-328-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4148-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4336-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4344-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4352-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4360-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4368-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4376-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4412-187-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4416-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4468-362-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4508-347-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4516-169-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4564-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4584-219-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4588-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4680-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4716-123-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4736-114-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4760-254-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4852-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4872-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4968-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4980-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4988-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5040-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5116-243-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5144-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5344-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5360-465-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5372-466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5380-467-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5496-496-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5524-521-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5552-522-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5568-523-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5596-524-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5608-525-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5624-3453-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5628-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5652-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5672-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5688-533-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5724-536-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5768-537-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5780-538-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5796-539-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5816-540-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6796-3919-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/7656-4615-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/7944-4602-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/8792-5127-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/9776-3511-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/10092-4931-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/11660-4566-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/12060-4072-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/12068-4770-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/12844-4947-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14848-2439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14904-2433-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17120-3272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17124-3757-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17920-3952-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/19092-4946-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/19348-3304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads