ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 01:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f.exe
Size

184KB
MD5

e881b44007674a0fbe2d273332a78a31
SHA1

884a087444e39b041ec7656baa5a8af027fa05e5
SHA256

ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f
SHA512

6f2a047e29d659cf0ac6601f62af644e92267ba17059fd3520bd468d4d095c4e23457d7b3e88332d72779b026765c9f18d7deb7dd1b75fdd0af0f42a8cb852d9
SSDEEP

3072:Bzxvskon44rYd+DZWX5B8sAzRlvPqOxiuU:BzdorE+DQ8VzRlnqOxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2264	Unicorn-4799.exe
2920	Unicorn-20803.exe
3268	Unicorn-40669.exe
3108	Unicorn-54019.exe
4464	Unicorn-31273.exe
3372	Unicorn-51139.exe
4448	Unicorn-12720.exe
4280	Unicorn-12089.exe
1936	Unicorn-38601.exe
512	Unicorn-4397.exe
712	Unicorn-10527.exe
2784	Unicorn-43392.exe
3228	Unicorn-43392.exe
5116	Unicorn-58778.exe
4800	Unicorn-39177.exe
3564	Unicorn-22656.exe
2868	Unicorn-51306.exe
348	Unicorn-29210.exe
1992	Unicorn-36785.exe
4996	Unicorn-43875.exe
4584	Unicorn-53802.exe
3420	Unicorn-60730.exe
2664	Unicorn-54378.exe
3060	Unicorn-8706.exe
2244	Unicorn-59168.exe
2552	Unicorn-8898.exe
4376	Unicorn-26496.exe
2140	Unicorn-17565.exe
2960	Unicorn-22281.exe
1656	Unicorn-55368.exe
4632	Unicorn-41882.exe
2760	Unicorn-7225.exe
3380	Unicorn-33737.exe
3200	Unicorn-57251.exe
1500	Unicorn-18640.exe
3112	Unicorn-25347.exe
956	Unicorn-42202.exe
2452	Unicorn-35849.exe
5072	Unicorn-22778.exe
2432	Unicorn-34522.exe
232	Unicorn-2617.exe
100	Unicorn-61802.exe
808	Unicorn-40369.exe
4588	Unicorn-42083.exe
4192	Unicorn-42083.exe
1988	Unicorn-9218.exe
1600	Unicorn-28954.exe
3988	Unicorn-28954.exe
4228	Unicorn-9410.exe
1096	Unicorn-27008.exe
380	Unicorn-27008.exe
4248	Unicorn-42144.exe
804	Unicorn-42144.exe
836	Unicorn-62010.exe
4644	Unicorn-62010.exe
5028	Unicorn-17385.exe
1924	Unicorn-33920.exe
3648	Unicorn-51246.exe
4496	Unicorn-37510.exe
3736	Unicorn-57111.exe
528	Unicorn-58938.exe
2948	Unicorn-17447.exe
5092	Unicorn-4034.exe
1860	Unicorn-36768.exe

Program crash 11 IoCs

pid	pid_target	Process	procid_target
8056	2248	WerFault.exe	285
7884	6784	WerFault.exe	282
7268	6844	WerFault.exe	284
8144	6820	WerFault.exe	283
9700	9428	WerFault.exe	468
9684	9448	WerFault.exe	470
14736	11640	WerFault.exe	700
15916	12780	WerFault.exe	701
16296	16376	Process not Found	1043
16164	6776	Process not Found	992
16356	7952	Process not Found	1034

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	Process not Found

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15436	dwm.exe
Token: SeChangeNotifyPrivilege	15436	dwm.exe
Token: 33	15436	dwm.exe
Token: SeIncBasePriorityPrivilege	15436	dwm.exe
Token: SeCreateGlobalPrivilege	8504	Process not Found
Token: SeChangeNotifyPrivilege	8504	Process not Found
Token: 33	8504	Process not Found
Token: SeIncBasePriorityPrivilege	8504	Process not Found
Token: SeCreateGlobalPrivilege	12472	Process not Found
Token: SeChangeNotifyPrivilege	12472	Process not Found
Token: 33	12472	Process not Found
Token: SeIncBasePriorityPrivilege	12472	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2456	ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f.exe
2264	Unicorn-4799.exe
3268	Unicorn-40669.exe
2920	Unicorn-20803.exe
3108	Unicorn-54019.exe
4464	Unicorn-31273.exe
3372	Unicorn-51139.exe
4448	Unicorn-12720.exe
4280	Unicorn-12089.exe
1936	Unicorn-38601.exe
3228	Unicorn-43392.exe
512	Unicorn-4397.exe
712	Unicorn-10527.exe
5116	Unicorn-58778.exe
4800	Unicorn-39177.exe
2784	Unicorn-43392.exe
3564	Unicorn-22656.exe
2868	Unicorn-51306.exe
348	Unicorn-29210.exe
1992	Unicorn-36785.exe
4996	Unicorn-43875.exe
4584	Unicorn-53802.exe
3420	Unicorn-60730.exe
2140	Unicorn-17565.exe
2244	Unicorn-59168.exe
4376	Unicorn-26496.exe
2552	Unicorn-8898.exe
3060	Unicorn-8706.exe
4632	Unicorn-41882.exe
2664	Unicorn-54378.exe
1656	Unicorn-55368.exe
2960	Unicorn-22281.exe
2760	Unicorn-7225.exe
3380	Unicorn-33737.exe
3200	Unicorn-57251.exe
1500	Unicorn-18640.exe
3112	Unicorn-25347.exe
956	Unicorn-42202.exe
2452	Unicorn-35849.exe
5072	Unicorn-22778.exe
2432	Unicorn-34522.exe
232	Unicorn-2617.exe
100	Unicorn-61802.exe
808	Unicorn-40369.exe
4192	Unicorn-42083.exe
4588	Unicorn-42083.exe
1988	Unicorn-9218.exe
4228	Unicorn-9410.exe
1600	Unicorn-28954.exe
3988	Unicorn-28954.exe
804	Unicorn-42144.exe
1096	Unicorn-27008.exe
4248	Unicorn-42144.exe
5028	Unicorn-17385.exe
1924	Unicorn-33920.exe
4496	Unicorn-37510.exe
4644	Unicorn-62010.exe
836	Unicorn-62010.exe
380	Unicorn-27008.exe
3648	Unicorn-51246.exe
3736	Unicorn-57111.exe
528	Unicorn-58938.exe
2948	Unicorn-17447.exe
5092	Unicorn-4034.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 2264	2456	ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f.exe	87
PID 2456 wrote to memory of 2264	2456	ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f.exe	87
PID 2456 wrote to memory of 2264	2456	ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f.exe	87
PID 2456 wrote to memory of 2920	2456	ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f.exe	90
PID 2456 wrote to memory of 2920	2456	ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f.exe	90
PID 2456 wrote to memory of 2920	2456	ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f.exe	90
PID 2264 wrote to memory of 3268	2264	Unicorn-4799.exe	91
PID 2264 wrote to memory of 3268	2264	Unicorn-4799.exe	91
PID 2264 wrote to memory of 3268	2264	Unicorn-4799.exe	91
PID 3268 wrote to memory of 3108	3268	Unicorn-40669.exe	94
PID 3268 wrote to memory of 3108	3268	Unicorn-40669.exe	94
PID 3268 wrote to memory of 3108	3268	Unicorn-40669.exe	94
PID 2920 wrote to memory of 3372	2920	Unicorn-20803.exe	95
PID 2920 wrote to memory of 3372	2920	Unicorn-20803.exe	95
PID 2920 wrote to memory of 3372	2920	Unicorn-20803.exe	95
PID 2264 wrote to memory of 4464	2264	Unicorn-4799.exe	96
PID 2264 wrote to memory of 4464	2264	Unicorn-4799.exe	96
PID 2264 wrote to memory of 4464	2264	Unicorn-4799.exe	96
PID 2456 wrote to memory of 4448	2456	ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f.exe	97
PID 2456 wrote to memory of 4448	2456	ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f.exe	97
PID 2456 wrote to memory of 4448	2456	ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f.exe	97
PID 3108 wrote to memory of 4280	3108	Unicorn-54019.exe	99
PID 3108 wrote to memory of 4280	3108	Unicorn-54019.exe	99
PID 3108 wrote to memory of 4280	3108	Unicorn-54019.exe	99
PID 3268 wrote to memory of 1936	3268	Unicorn-40669.exe	100
PID 3268 wrote to memory of 1936	3268	Unicorn-40669.exe	100
PID 3268 wrote to memory of 1936	3268	Unicorn-40669.exe	100
PID 2264 wrote to memory of 512	2264	Unicorn-4799.exe	102
PID 2264 wrote to memory of 512	2264	Unicorn-4799.exe	102
PID 2264 wrote to memory of 512	2264	Unicorn-4799.exe	102
PID 4464 wrote to memory of 712	4464	Unicorn-31273.exe	101
PID 4464 wrote to memory of 712	4464	Unicorn-31273.exe	101
PID 4464 wrote to memory of 712	4464	Unicorn-31273.exe	101
PID 4448 wrote to memory of 3228	4448	Unicorn-12720.exe	103
PID 4448 wrote to memory of 3228	4448	Unicorn-12720.exe	103
PID 4448 wrote to memory of 3228	4448	Unicorn-12720.exe	103
PID 3372 wrote to memory of 2784	3372	Unicorn-51139.exe	104
PID 3372 wrote to memory of 2784	3372	Unicorn-51139.exe	104
PID 3372 wrote to memory of 2784	3372	Unicorn-51139.exe	104
PID 2456 wrote to memory of 5116	2456	ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f.exe	105
PID 2456 wrote to memory of 5116	2456	ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f.exe	105
PID 2456 wrote to memory of 5116	2456	ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f.exe	105
PID 2920 wrote to memory of 4800	2920	Unicorn-20803.exe	106
PID 2920 wrote to memory of 4800	2920	Unicorn-20803.exe	106
PID 2920 wrote to memory of 4800	2920	Unicorn-20803.exe	106
PID 4280 wrote to memory of 3564	4280	Unicorn-12089.exe	107
PID 4280 wrote to memory of 3564	4280	Unicorn-12089.exe	107
PID 4280 wrote to memory of 3564	4280	Unicorn-12089.exe	107
PID 3108 wrote to memory of 2868	3108	Unicorn-54019.exe	108
PID 3108 wrote to memory of 2868	3108	Unicorn-54019.exe	108
PID 3108 wrote to memory of 2868	3108	Unicorn-54019.exe	108
PID 1936 wrote to memory of 348	1936	Unicorn-38601.exe	109
PID 1936 wrote to memory of 348	1936	Unicorn-38601.exe	109
PID 1936 wrote to memory of 348	1936	Unicorn-38601.exe	109
PID 3268 wrote to memory of 1992	3268	Unicorn-40669.exe	110
PID 3268 wrote to memory of 1992	3268	Unicorn-40669.exe	110
PID 3268 wrote to memory of 1992	3268	Unicorn-40669.exe	110
PID 3228 wrote to memory of 4996	3228	Unicorn-43392.exe	111
PID 3228 wrote to memory of 4996	3228	Unicorn-43392.exe	111
PID 3228 wrote to memory of 4996	3228	Unicorn-43392.exe	111
PID 4448 wrote to memory of 4584	4448	Unicorn-12720.exe	112
PID 4448 wrote to memory of 4584	4448	Unicorn-12720.exe	112
PID 4448 wrote to memory of 4584	4448	Unicorn-12720.exe	112
PID 712 wrote to memory of 3420	712	Unicorn-10527.exe	113

C:\Users\Admin\AppData\Local\Temp\ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f.exe
"C:\Users\Admin\AppData\Local\Temp\ae4f9e67efef02d7f49af0ac4a2f1d970a97422ab69deb13c2a6877297ba417f.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
        8⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        9⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        9⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        9⤵
        
        PID:16116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10807.exe
        9⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30640.exe
        8⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
        8⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
        8⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        8⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        7⤵
        Executes dropped EXE
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
        8⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64637.exe
        9⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
        9⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        9⤵
        
        PID:17956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        9⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        8⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        8⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        8⤵
        
        PID:17644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
        8⤵
        
        PID:18612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
        7⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-217.exe
        8⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        8⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        8⤵
        
        PID:15560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
        7⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
        7⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23168.exe
        7⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        7⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        8⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
        9⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33312.exe
        9⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10122.exe
        9⤵
        
        PID:16700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        9⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe
        8⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
        8⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        8⤵
        
        PID:16780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
        8⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41120.exe
        7⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        8⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        8⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        8⤵
        
        PID:17228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54542.exe
        7⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25306.exe
        7⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
        7⤵
        
        PID:16888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44730.exe
        7⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        7⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16451.exe
        8⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64545.exe
        8⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        8⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3760.exe
        7⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50712.exe
        7⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
        7⤵
        
        PID:18256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
        7⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
        6⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
        8⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23610.exe
        8⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22528.exe
        7⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
        7⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
        7⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        6⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48329.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
        6⤵
        
        PID:15468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40265.exe
        6⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51306.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57251.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        7⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
        8⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43610.exe
        9⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        9⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
        9⤵
        
        PID:18352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63585.exe
        8⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53985.exe
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16227.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3046.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
        8⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32585.exe
        8⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        8⤵
        
        PID:15552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
        8⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        7⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4272.exe
        7⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        7⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        7⤵
        
        PID:18600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        6⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12802.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        8⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        9⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48027.exe
        9⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        8⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        8⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43211.exe
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        7⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
        7⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        7⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64056.exe
        7⤵
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17549.exe
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
        7⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        8⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        8⤵
        
        PID:18168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
        8⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        7⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        7⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        7⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32506.exe
        6⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        6⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        6⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1277.exe
        6⤵
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
        6⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12802.exe
        7⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        8⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        9⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        8⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41736.exe
        8⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        8⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59553.exe
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20135.exe
        7⤵
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
        7⤵
        
        PID:16832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
        7⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        6⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-153.exe
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
        7⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        7⤵
        
        PID:16560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3888.exe
        6⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11408.exe
        6⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        6⤵
        
        PID:16840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48020.exe
        6⤵
        
        PID:18468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        5⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5890.exe
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48899.exe
        7⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
        8⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
        8⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        8⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        7⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        7⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52360.exe
        7⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10601.exe
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        6⤵
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        6⤵
        
        PID:17260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        6⤵
        
        PID:208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31168.exe
        5⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
        6⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
        7⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        7⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32585.exe
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        6⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35531.exe
        6⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        5⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51567.exe
        5⤵
        
        PID:15748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34930.exe
        5⤵
        
        PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29210.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25347.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48186.exe
        7⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60986.exe
        8⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35386.exe
        9⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23363.exe
        10⤵
        
        PID:17720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35255.exe
        10⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32585.exe
        9⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
        9⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
        9⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
        8⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        8⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        8⤵
        
        PID:16892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52411.exe
        8⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11977.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
        8⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        8⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        8⤵
        
        PID:15608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        8⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39054.exe
        7⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
        7⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
        7⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11508.exe
        7⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        6⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe
        7⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        8⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
        9⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59233.exe
        8⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39211.exe
        8⤵
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        8⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13865.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62216.exe
        7⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
        7⤵
        
        PID:15516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        7⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10637.exe
        6⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe
        7⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        7⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54903.exe
        6⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        6⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        6⤵
        
        PID:16208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45185.exe
        6⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        6⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
        7⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        8⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
        8⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        8⤵
        
        PID:17600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
        7⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        7⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45999.exe
        7⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45418.exe
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        7⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16896.exe
        7⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        7⤵
        
        PID:16688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35531.exe
        7⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64651.exe
        6⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53659.exe
        6⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        6⤵
        
        PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
        5⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        7⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
        7⤵
        
        PID:17376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7200.exe
        6⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        7⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        7⤵
        
        PID:18180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
        7⤵
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        6⤵
        
        PID:17612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
        6⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49658.exe
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
        6⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
        6⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        6⤵
        
        PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
        5⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29760.exe
        5⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        5⤵
        
        PID:17548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36785.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48186.exe
        6⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38755.exe
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29289.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
        8⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
        8⤵
        
        PID:16728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
        7⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4883.exe
        7⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        7⤵
        
        PID:18420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11508.exe
        7⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
        6⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
        7⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe
        7⤵
        
        PID:17456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28043.exe
        7⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7920.exe
        6⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        6⤵
        
        PID:12904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        6⤵
        
        PID:16740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48020.exe
        6⤵
        
        PID:18476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        5⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        7⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exe
        7⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
        6⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
        6⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
        6⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        6⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
        6⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe
        6⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        6⤵
        
        PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        5⤵
        
        PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
        5⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24128.exe
        5⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
        5⤵
        
        PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22778.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64963.exe
        5⤵
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        7⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        7⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        7⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52552.exe
        7⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
        6⤵
        
        PID:12284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
        6⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63980.exe
        6⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11977.exe
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
        6⤵
        
        PID:12376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
        6⤵
        
        PID:16568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
        6⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        5⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48858.exe
        5⤵
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
        5⤵
        
        PID:17420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        5⤵
        
        PID:7624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8093.exe
      4⤵
      PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
        6⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        6⤵
        
        PID:16244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56971.exe
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4883.exe
        5⤵
        
        PID:14152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        5⤵
        
        PID:17812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43194.exe
        5⤵
        
        PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
      4⤵
      PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
        5⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        5⤵
        
        PID:18104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
      4⤵
      PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19192.exe
      4⤵
      PID:13044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
      4⤵
      PID:17280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
      4⤵
      PID:7444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
        8⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        9⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
        9⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        9⤵
        
        PID:16696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        9⤵
        
        PID:18440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
        8⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
        8⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64218.exe
        8⤵
        
        PID:17628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        8⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
        7⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 464
        8⤵
        Program crash
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42856.exe
        7⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22865.exe
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        7⤵
        
        PID:17448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27159.exe
        7⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        7⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64637.exe
        8⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10944.exe
        8⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        8⤵
        
        PID:17932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44389.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        7⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        7⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
        7⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        6⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41626.exe
        7⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
        7⤵
        
        PID:15520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        7⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36119.exe
        6⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        6⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22289.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        6⤵
        
        PID:8476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        6⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        6⤵
        
        PID:16188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35531.exe
        6⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        5⤵
        
        PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        5⤵
        
        PID:13232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
        5⤵
        
        PID:17204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
        5⤵
        
        PID:536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
        8⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        8⤵
        
        PID:16680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
        8⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        7⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        7⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
        7⤵
        
        PID:60
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27693.exe
        6⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12215.exe
        6⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        6⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13209.exe
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37824.exe
        7⤵
        
        PID:16912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        7⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37449.exe
        6⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        6⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe
        6⤵
        
        PID:18396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
        6⤵
        
        PID:18676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
        5⤵
        
        PID:7204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe
        5⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        5⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33303.exe
        5⤵
        
        PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45251.exe
        6⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55585.exe
        6⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
        6⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21991.exe
        6⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        5⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        5⤵
        
        PID:12528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        5⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
        5⤵
        
        PID:18544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19648.exe
      4⤵
      PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5561.exe
        5⤵
        
        PID:9412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
        5⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
        5⤵
        
        PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
      4⤵
      PID:9392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10354.exe
      4⤵
      PID:13348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34552.exe
      4⤵
      PID:17556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
      4⤵
      PID:568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27008.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        8⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        8⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17159.exe
        8⤵
        
        PID:17348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
        8⤵
        
        PID:18568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
        7⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56776.exe
        7⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
        7⤵
        
        PID:17968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
        7⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65089.exe
        6⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        7⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
        7⤵
        
        PID:16944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46687.exe
        7⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2311.exe
        6⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33306.exe
        6⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        6⤵
        
        PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe
        5⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        6⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        7⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
        7⤵
        
        PID:16388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        6⤵
        
        PID:15020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
        6⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe
        5⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13625.exe
        5⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51003.exe
        5⤵
        
        PID:14792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2087.exe
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18537.exe
        5⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7920.exe
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        5⤵
        
        PID:13092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        5⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        5⤵
        
        PID:18532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5465.exe
      4⤵
      PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        5⤵
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50504.exe
        5⤵
        
        PID:412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
      4⤵
      PID:9456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
      4⤵
      PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
      4⤵
      PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41882.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37504.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44394.exe
        6⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62859.exe
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
        6⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43818.exe
        5⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
        6⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        6⤵
        
        PID:18156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        6⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        5⤵
        
        PID:9576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        5⤵
        
        PID:14888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        5⤵
        
        PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        6⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57514.exe
        6⤵
        
        PID:13628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        6⤵
        
        PID:17940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36323.exe
        5⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        5⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14378.exe
        5⤵
        
        PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
      4⤵
      PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15929.exe
      4⤵
      PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
      4⤵
      PID:15088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
      4⤵
      PID:6648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        6⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe
        6⤵
        
        PID:15688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
        6⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        5⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        5⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        5⤵
        
        PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65255.exe
      4⤵
      PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
      4⤵
      PID:10816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13648.exe
      4⤵
      PID:13724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
      4⤵
      PID:8048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
    3⤵
    PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
        5⤵
        
        PID:10552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8153.exe
        5⤵
        
        PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        5⤵
        
        PID:18592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
      4⤵
      PID:11468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
      4⤵
      PID:15860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
      4⤵
      PID:3384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
    3⤵
    PID:6560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
      4⤵
      PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
      4⤵
      PID:13792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
      4⤵
      PID:18128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39631.exe
    3⤵
    PID:9704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe
    3⤵
    PID:14044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
    3⤵
    PID:18324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51139.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
        7⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe
        8⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        8⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        8⤵
        
        PID:16580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
        7⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
        7⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
        7⤵
        
        PID:17364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27159.exe
        7⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56551.exe
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        7⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
        8⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20839.exe
        8⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11640 -s 464
        9⤵
        Program crash
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        8⤵
        
        PID:18348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7200.exe
        7⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        7⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
        7⤵
        
        PID:17436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe
        7⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        7⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe
        7⤵
        
        PID:17088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11022.exe
        7⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44151.exe
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25664.exe
        6⤵
        
        PID:12584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
        6⤵
        
        PID:16644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
        6⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42144.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19907.exe
        6⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        7⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        7⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17652.exe
        7⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        6⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10944.exe
        7⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        7⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-199.exe
        6⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25937.exe
        6⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
        6⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        6⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        6⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        6⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        6⤵
        
        PID:16088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11508.exe
        6⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34970.exe
        5⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
        6⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
        5⤵
        
        PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19584.exe
        5⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52865.exe
        5⤵
        
        PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
        6⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        8⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
        8⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
        8⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17184.exe
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
        7⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7897.exe
        7⤵
        
        PID:16972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
        7⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33158.exe
        6⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        7⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23808.exe
        7⤵
        
        PID:17980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
        7⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        6⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
        6⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
        6⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
        6⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        6⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        5⤵
        
        PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        5⤵
        
        PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36119.exe
        5⤵
        
        PID:14916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        5⤵
        
        PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51246.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53923.exe
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        7⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        7⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
        7⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65416.exe
        7⤵
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
        6⤵
        
        PID:12276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
        6⤵
        
        PID:16300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        6⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8368.exe
        5⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe
        6⤵
        
        PID:12976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
        6⤵
        
        PID:16960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
        6⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12215.exe
        5⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        5⤵
        
        PID:8852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5168.exe
      4⤵
      PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        5⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29821.exe
        6⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
        6⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5441.exe
        6⤵
        
        PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        5⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        5⤵
        
        PID:14996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        5⤵
        
        PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
      4⤵
      PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
        5⤵
        
        PID:12796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17734.exe
        5⤵
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48991.exe
        5⤵
        
        PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
      4⤵
      PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3977.exe
      4⤵
      PID:14844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29315.exe
      4⤵
      PID:864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6271.exe
        6⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        7⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57114.exe
        8⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        8⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        8⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19488.exe
        7⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        7⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        7⤵
        
        PID:17216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
        6⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
        7⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        7⤵
        
        PID:18136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        7⤵
        
        PID:18668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64968.exe
        6⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
        6⤵
        
        PID:13892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
        6⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        6⤵
        
        PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24739.exe
        6⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60672.exe
        7⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20839.exe
        7⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12780 -s 464
        8⤵
        Program crash
        
        PID:15916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe
        7⤵
        
        PID:18256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
        6⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
        6⤵
        
        PID:15012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54840.exe
        6⤵
        
        PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-176.exe
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
        6⤵
        
        PID:10808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
        6⤵
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
        5⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17271.exe
        5⤵
        
        PID:14056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52673.exe
        5⤵
        
        PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42144.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17059.exe
        6⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
        7⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6336.exe
        7⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        7⤵
        
        PID:18260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe
        7⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        6⤵
        
        PID:11088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19315.exe
        6⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        6⤵
        
        PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        5⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22711.exe
        5⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        5⤵
        
        PID:15580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5475.exe
        5⤵
        
        PID:64
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47025.exe
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        5⤵
        
        PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        5⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        5⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        5⤵
        
        PID:18516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
      4⤵
      PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
        5⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
        5⤵
        
        PID:16952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
      4⤵
      PID:10792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53985.exe
      4⤵
      PID:13980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48132.exe
      4⤵
      PID:1504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27008.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
        6⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
        6⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
        6⤵
        
        PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        5⤵
        
        PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
        5⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
        5⤵
        
        PID:16376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51105.exe
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        5⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5705.exe
        6⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        6⤵
        
        PID:16776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
        6⤵
        
        PID:18580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
        5⤵
        
        PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        5⤵
        
        PID:17652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        5⤵
        
        PID:18460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31408.exe
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
        5⤵
        
        PID:10612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
        5⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        5⤵
        
        PID:18340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
      4⤵
      PID:9588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17271.exe
      4⤵
      PID:13816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
      4⤵
      PID:18268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56705.exe
      4⤵
      PID:1884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57111.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
      4⤵
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        5⤵
        
        PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        5⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        5⤵
        
        PID:16136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        5⤵
        
        PID:18524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
      4⤵
      PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        5⤵
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25769.exe
        5⤵
        
        PID:17132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
      4⤵
      PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12112.exe
      4⤵
      PID:14852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
      4⤵
      PID:1932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27805.exe
    3⤵
    PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
      4⤵
      PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        5⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        5⤵
        
        PID:16652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
      4⤵
      PID:10112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
      4⤵
      PID:15028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
      4⤵
      PID:1580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
    3⤵
    PID:7240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38573.exe
    3⤵
    PID:10292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47983.exe
    3⤵
    PID:14872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14354.exe
    3⤵
    PID:5212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34522.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17792.exe
        6⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63939.exe
        7⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        8⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        8⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
        8⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        7⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
        7⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        7⤵
        
        PID:16536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57347.exe
        7⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29440.exe
        7⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
        7⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
        7⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61041.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46042.exe
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        6⤵
        
        PID:16096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44730.exe
        6⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19962.exe
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        7⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64840.exe
        7⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56971.exe
        6⤵
        
        PID:10168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe
        6⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        6⤵
        
        PID:17464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        6⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        6⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        6⤵
        
        PID:16128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        6⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13616.exe
        5⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        5⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
        5⤵
        
        PID:16844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45185.exe
        5⤵
        
        PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
        5⤵
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        8⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44618.exe
        8⤵
        
        PID:17520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
        8⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
        7⤵
        
        PID:12344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
        7⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        6⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44171.exe
        6⤵
        
        PID:12368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
        6⤵
        
        PID:16852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        6⤵
        
        PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27747.exe
        6⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31715.exe
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
        6⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40907.exe
        6⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11559.exe
        5⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54362.exe
        6⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
        6⤵
        
        PID:13764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        6⤵
        
        PID:18144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
        5⤵
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17271.exe
        5⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        5⤵
        
        PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44360.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        5⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
        6⤵
        
        PID:10604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
        6⤵
        
        PID:15344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7108.exe
        6⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7200.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42993.exe
        5⤵
        
        PID:12732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
        5⤵
        
        PID:17476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28314.exe
      4⤵
      PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14818.exe
        5⤵
        
        PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
        5⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
        5⤵
        
        PID:16636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
      4⤵
      PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58826.exe
      4⤵
      PID:13360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
      4⤵
      PID:17540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe
      4⤵
      PID:18488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        5⤵
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18537.exe
        6⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 464
        7⤵
        Program crash
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
        6⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 408
        7⤵
        Program crash
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        6⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        6⤵
        
        PID:17676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        6⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
        5⤵
        
        PID:6844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 464
        6⤵
        Program crash
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
        5⤵
        
        PID:9428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 408
        6⤵
        Program crash
        
        PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        5⤵
        
        PID:13396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        5⤵
        
        PID:17508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48020.exe
        5⤵
        
        PID:18452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
      4⤵
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
        5⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        6⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
        7⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
        7⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        7⤵
        
        PID:17340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
        6⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        6⤵
        
        PID:18368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
        6⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        5⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11456.exe
        6⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        6⤵
        
        PID:14780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7108.exe
        6⤵
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63432.exe
        5⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
        5⤵
        
        PID:14128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        5⤵
        
        PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
      4⤵
      PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46915.exe
        5⤵
        
        PID:8468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
        5⤵
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        5⤵
        
        PID:16720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        5⤵
        
        PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
      4⤵
      PID:8796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41371.exe
      4⤵
      PID:12108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
      4⤵
      PID:17336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
      4⤵
      PID:532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43322.exe
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
        6⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        7⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
        7⤵
        
        PID:17072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
        7⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        6⤵
        
        PID:15600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21991.exe
        6⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62625.exe
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
        5⤵
        
        PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        5⤵
        
        PID:17240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        5⤵
        
        PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
      4⤵
      PID:6820
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 464
        5⤵
        Program crash
        
        PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
      4⤵
      PID:9336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
      4⤵
      PID:11980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
      4⤵
      PID:6768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
    3⤵
    PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24163.exe
      4⤵
      PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        5⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe
        5⤵
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        5⤵
        
        PID:7956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
      4⤵
      PID:9112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
      4⤵
      PID:9552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
      4⤵
      PID:13524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37815.exe
      4⤵
      PID:18096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
      4⤵
      PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
    3⤵
    PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
      4⤵
      PID:10376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39112.exe
      4⤵
      PID:14964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51301.exe
      4⤵
      PID:1732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
    3⤵
    PID:9440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17801.exe
    3⤵
    PID:13616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
    3⤵
    PID:5300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58778.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58778.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        6⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31357.exe
        7⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        7⤵
        
        PID:16904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46687.exe
        7⤵
        
        PID:16364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
        6⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
        6⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64556.exe
        6⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        5⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe
        6⤵
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10099.exe
        6⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        6⤵
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe
        5⤵
        
        PID:13328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        5⤵
        
        PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
      4⤵
      PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        5⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        5⤵
        
        PID:16020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        5⤵
        
        PID:8772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
      4⤵
      PID:7532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
      4⤵
      PID:10740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39960.exe
      4⤵
      PID:14472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe
      4⤵
      PID:8624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
        6⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42636.exe
        6⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        5⤵
        
        PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        5⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40690.exe
        5⤵
        
        PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
      4⤵
      PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        5⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45227.exe
        5⤵
        
        PID:17400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
        5⤵
        
        PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
      4⤵
      PID:10404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44977.exe
      4⤵
      PID:14956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49839.exe
      4⤵
      PID:4032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30605.exe
    3⤵
    PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39482.exe
        5⤵
        
        PID:17636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8638.exe
        5⤵
        
        PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
      4⤵
      PID:10212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
      4⤵
      PID:15084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
      4⤵
      PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
    3⤵
    PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe
      4⤵
      PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
      4⤵
      PID:14024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
      4⤵
      PID:5204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9568.exe
    3⤵
    PID:9748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4457.exe
    3⤵
    PID:14548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
    3⤵
    PID:2564
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32931.exe
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
        6⤵
        
        PID:11116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
        6⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29665.exe
        6⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27875.exe
        5⤵
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27440.exe
        5⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46283.exe
        5⤵
        
        PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
      4⤵
      PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        5⤵
        
        PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
        5⤵
        
        PID:16584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        5⤵
        
        PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29799.exe
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25460.exe
      4⤵
      PID:15144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
      4⤵
      PID:8044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16870.exe
    3⤵
    PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        5⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44618.exe
        5⤵
        
        PID:17564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48991.exe
        5⤵
        
        PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
      4⤵
      PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
      4⤵
      PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
      4⤵
      PID:17920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
      4⤵
      PID:8116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
    3⤵
    PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
      4⤵
      PID:12480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
      4⤵
      PID:16712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
      4⤵
      PID:7760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
    3⤵
    PID:10752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39960.exe
    3⤵
    PID:14040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
    3⤵
    PID:1832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
    3⤵
    PID:6636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
    3⤵
    PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
      4⤵
      PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
        5⤵
        
        PID:12320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
        5⤵
        
        PID:740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
        5⤵
        
        PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
      4⤵
      PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64555.exe
      4⤵
      PID:14028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
      4⤵
      PID:17620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
      4⤵
      PID:3320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40553.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40553.exe
    3⤵
    PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
      4⤵
      PID:13304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
      4⤵
      PID:17236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
    3⤵
    PID:10732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48625.exe
    3⤵
    PID:14172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
    3⤵
    PID:6892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
  2⤵
  PID:5712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
    3⤵
    PID:5760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
    3⤵
    PID:10128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
    3⤵
    PID:15048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40690.exe
    3⤵
    PID:5056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
  2⤵
  PID:7512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
    3⤵
    PID:10384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19952.exe
    3⤵
    PID:14984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
    3⤵
    PID:9104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
  2⤵
  PID:10196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
  2⤵
  PID:14076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
  2⤵
  PID:18384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20900.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20900.exe
  2⤵
  PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 6844 -ip 6844
1⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2248 -ip 2248
1⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6820 -ip 6820
1⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 6784 -ip 6784
1⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 6800 -ip 6800
1⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 9428 -ip 9428
1⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 9448 -ip 9448
1⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 11640 -ip 11640
1⤵
PID:14404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 12780 -ip 12780
1⤵
PID:15492

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe

Filesize
184KB

MD5
ac209dd53222385267e9d4450feecaf4

SHA1
27a72e468d01f0800f81ec799590887bac2cde42

SHA256
f850714ae7367dabaa7c3e8dd4d5c2eb2317c5d98bb323ccfb7a89e84edf9668

SHA512
b190f5b2bf7525ed0609079c65d7650cab62dc79cd01595fb82b8d1573446872000498595c6832013f232d91f6e20e4586ce126132c0a48971026cc59c1b946b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe

Filesize
184KB

MD5
2f16709689e5a57d6fd63b13e0fe0969

SHA1
550f22d61c79805db448154ad529e9ec58670d8e

SHA256
823e19a352d563685740461feb0f389b5b710674f75d1bb81426b992db752474

SHA512
51ebac993acc5b85a3588c4b3645ca7266c8a9e89dc15b0ff39b9c3dc2a5ecb0993e804b7feac186cb3eb9b54290c05272986b2cb9ccb6df9ea379f167c0b816

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe

Filesize
184KB

MD5
00736854018461b40eb943384b8a12fa

SHA1
91bbe257309c42137a675fde4b386b47635f053f

SHA256
e79c2341e7d186ebd6a25429406a2c5302464c536a7a90e4dfbffd5b0c6f2965

SHA512
96934bedfc4d4ed11e3a43e684b2c0f54ce961f5281cd44595a4124f1cc64fdd74512760af234579518e91aa28fe996a2f620dc521eea2b3de6dc488c2ccdac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe

Filesize
184KB

MD5
02a26e9b70fcd7655791f44d73979ed3

SHA1
fbd4e116851616f2dba9901786fe880ae77435b2

SHA256
5159f11f11673689ad58ccfcceab71425c7851e28cd3598b65f8e049eb29ab0d

SHA512
9bfe4cae2face6a2d303028dd9525d3022a95da20f890e7353055c3996027ead4fddc6356f1816bb97b2d826562f6a6c859558886ed03d89b7eb75bb986b02e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe

Filesize
184KB

MD5
3c785134fe78a41c8dcd7948139eb3d3

SHA1
4192b5ff4b6f4b33cfc6cbf37f7d116ef15590c5

SHA256
e9ea054a77d8c8c0c700137469d18930fb1c8253c11a29efb16139340d89462c

SHA512
cdadb8b2f018e91846f6f03cc3e5ea54a0116ffce2924b1b2debfee7f98a28080c9b43ff5847aed6d16014d14da7f47a1615a2a8b314437aeac027d176714179

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe

Filesize
184KB

MD5
6d7c8ab4aaa53193224fe7d6671ebe0c

SHA1
06d05ffabe75ab4ae69bdd9099fe7ac89946184a

SHA256
91037704a035d99e4c890d53bc2537cc050edfbddc14c216ecedfda75849f93f

SHA512
5560abbf683013a57c0d7f29ac912c3967f0f0d501589f22ad9a0cf026a6aabab16f566de9a3ff1b43ceb2d0656c2b7d3ea4433813d3b23d1dfdeaf883daa6a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe

Filesize
184KB

MD5
b6689844fe6e920cbd8b5a5a6cac1027

SHA1
9b906c1f281c47376a53aa6b1fc1f88522bd17b4

SHA256
c65ea9b714f7481f1f576e2b97ec0a76d693a423e330d60c7da16f4399d7a682

SHA512
36b653f202be7c43c702e9874911215351a9202f5623a2d371a5cc6e3b2d30b057f1931273528ab40bfe340414acfca021ee1cc94c3967e00a85721ebbffeee7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe

Filesize
184KB

MD5
4c20225c5fd19a2026f2591c8ed3252b

SHA1
cb957c6008769cf22d7fc41911226ceaf2a87743

SHA256
00b9898ede8e6acbf699211043aee6b27d92370617946abe9122a554ab7d12a2

SHA512
df169939d37c45459f519c59cbdf0648fd16eb0781b672c78a0633067876eaf2c8b6b6ef525c3a0503b027b48af9c3330abd6217146df06ff9b19185ee8ddb25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29210.exe

Filesize
184KB

MD5
44570be451ef9270c6103cb5847bada9

SHA1
48fc0715b5e6c7bef3ab400ab8d08065143c90c4

SHA256
14b1ef38aa5608480d002d0a1755202108ad3d3691fb220daae63bae5ad71a8e

SHA512
f2227309c7cd1e4ab5b0340f90234c0ff4685d0facaa706422a81bdda10ff023924bebf02783a8c838bdc95285403d49b4949c7fc47cf95245c21933e4f8e6ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe

Filesize
184KB

MD5
a9c4244ff417af4bf43ffeeb7dc4d404

SHA1
9ff5637286e407e18264b0fe5a1f27123c7b8113

SHA256
71c8417deda45c9b5102e26b4a32382d541d1c20498173e9f68b0090044c3d90

SHA512
882adb002ffd5216af066d7137d38c96fd1bf8275204997b7b11eb1df12059735e3a306fe9c401de7792b96e208f0de215e1bfa5fcc77f7fe99a61b25d8b34ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36785.exe

Filesize
184KB

MD5
6738a4427cc76fb6fd6d5d09e1aab192

SHA1
f72da32a135c576ae681471a5927d94c0829b684

SHA256
f0514b3cae759b1c59a24d68dccb7c7ef91ffb5fc50d1939736147840fc20437

SHA512
a3e571c17e3e79e04c8bada9b0ed9c523b87063f7572779e136ac96d82546083888bc71b17977fd2438bb1946f3cfc60426b671d1f0d350eb1330e45bad2adf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe

Filesize
184KB

MD5
0a5201a48f5a70b56dc048a89b7cf682

SHA1
c7e3392d6cb6e3f1cd7ed94c0a5871f6d92145cc

SHA256
e5de03530bdb457bedd68e8bbc9033b73eec91d9742af691bba54599db41de1b

SHA512
2dfacec28d78c7dd0167e568897a608bfaa6dbfb09ed7572bb770592012eeb594dbde78c78b5c417a0b6a0a14caca0f88558a7c6d01f7f1425c1cc8811ead365

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe

Filesize
184KB

MD5
1a93858a2bf6d9e27e8b56aeec43c142

SHA1
a9c591326a8fda370e4c58d17c9cdefe30321207

SHA256
37a5d49572e75d4d03b15a5ab40b905e29e32aa73ddf490b753237cffff6ed73

SHA512
3815f0d5d1b84d765f530827063e49e9583e43927262cd560cb6b5c40f4727fb15e27df1e8fba170d466e9677ff78154fbf4e0dce2835e73201a71c8e06686f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe

Filesize
184KB

MD5
7c668a76403259fa3db8ee815fb345f0

SHA1
c59681048806f25168fa31d7d3ded614059bf51c

SHA256
ba80d7ad23a74e04434b555974125732d0d4e36f64806853a707d01fee286fd9

SHA512
cdc9ef538e9bbf4aad5529542e4a516ddc30e55ff649529e7368af42ad03e18eab4cbed7b15646d99a3a9bd3a9170dea5da71526070d2325198ad5e130955fa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41882.exe

Filesize
184KB

MD5
c2e42ab8c49b9496831598f9fa25ac8d

SHA1
250460f35bd5a2b322e92e0bc30503260a457d62

SHA256
ef7431348d3092fd81a544c7ae1e8e47c6a6664aee605475148671f5f091c074

SHA512
e77c531c924d1d6c9cd822722b39206d58f79bb90051513ff3319ada7f8459d73713fe92f66874fde4ac83c18083b5d69ac98e5f922187e7f45c5c533452f24c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe

Filesize
184KB

MD5
9c90f7494fcaa831a64db580b495a7f9

SHA1
52ed70f50d7ab4c1ef97b1b127d6848b524e02b1

SHA256
4546451907d24ca547229cff5320632cc54b58f49839e28d3963839716a4d558

SHA512
0f155841f689c7e97d1e73adeb6eb5adfc7a41e7d0fa011f8acbe61fdf42692a11ef47e3669fdbb2600d0196f574b4824772c101bc9f316bbfb44d99704cd4df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe

Filesize
184KB

MD5
66f27c754deec0f753b30b8d986fe3d8

SHA1
8c0581d54ed71ea37e5ff4031a21372d47e3ada7

SHA256
eb80d55df3becb048c868b80cbd106151b98aec9b6643e71aa0e37c9e701ff48

SHA512
7237a1956fc4f49ffdf24c7533801da2351d3c48c03a20b35011d41fbbb0d153d23c7a270d9658430e76accfad0a5747c0ac5ed0322793d08fddcbb658fe003a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe

Filesize
184KB

MD5
0c94617174962a548606487fb2c0ba33

SHA1
e9bc43345142ca85fca7514c2b8b97a311b6c625

SHA256
ccf72909f194e4fd8a0271307597d107772afd0ad23e13a983b926c7dadeb650

SHA512
920611e5b132f70af8cdf6dd5612f6e56b41e85d1a96088129fbe842ee4ed866126a16b5e2f47282a8912c6b53c10318f520af3f53b2094a1892191d9064cb11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe

Filesize
184KB

MD5
d25a3afc227379eb3b61723d838bb26f

SHA1
c5df0404e319da9d3058091a736691ef88dd3753

SHA256
5071c758a4d503142e6a39e0cbb6b4627543cddba1d14271014e52790bd2a894

SHA512
3fdaa36f1f7883a67b8728221c8f5a22b1de4c6508b325698e35d7281b84d4e5dbd977ba3febe546421d888ef3376993df94dc4860f742b891584744d63114e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe

Filesize
184KB

MD5
c2078ce4815cc52e3ad911b1c6556c01

SHA1
486782c99ca99d3b53813feadd0ab0e7867856fc

SHA256
fb196c66fdd4b90ffc7505b69dcaf2ec272452fa8a085b17fb6932303f712625

SHA512
596479d25bc6f071f3e30c2356e3ba2cf5ce220d235eb64459c733b1c69fa558080e5f8b002181d3fdd1c5cd0bbce34a138da6b1575bdfe5c16fb7673b6cc969

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe

Filesize
184KB

MD5
486e04203b17d9de31f4d69c53e76242

SHA1
971a8a59c324d81f1cfbb34b19ecbaba7ec165a3

SHA256
98d6fdc9b630a100310abf694af16cfe703e80d338cee5222138638a07ca5b45

SHA512
d92b0add87cc9ec929642a0aaf4834d0748ec71d78a25bdf6b631bbaa098fbaa1eb79c947cfc8aa86e872f0f75aa16a69e480ae4436144e9a0e88ee8076e3e62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51139.exe

Filesize
184KB

MD5
740e4cd4f99a0594b0b8c420241cf4b8

SHA1
b35e3c7578f1e3a732f588c9642618ce215b4ece

SHA256
4d5b46291957c6f73b7fd273cadc4faa27bf76b39f2daabeccca51b89086c5aa

SHA512
145141841778fee849963046e9a4c65927d9e27235ad8c2842c61c48a205d3f076d32975b1b8ab05400aa3200c1b79ecaf1b00ccbfe902986d6dbcf653ce1c1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51306.exe

Filesize
184KB

MD5
d4654a2666bb0d7997ec58151ab44ca1

SHA1
ba28588b563dfc4346f00a4576cc26cbe69d0751

SHA256
e24827837c37af7623a06b47c72d4db3c937ac34ed8bd7ada0d5eb5e59fe1d37

SHA512
39d1c40a287b033a157d4aff0a42d3f1209cb8f9e32ec9c74227c78fc880129d063ce958eb6dd005fb601e2c42004735ff7d1bc6bd142a3362a934ec72a9a6c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe

Filesize
184KB

MD5
279d20a5b41c61a931e3d9f1721e9ca4

SHA1
4fa8837d99a13e32baca4cb120e71b8d2a3d7400

SHA256
24f2798076a2f2c3c929befac1a4470a99a27e76600caf1d8d7e47fa2d56e644

SHA512
1d289c2e3134a18c79af9f7dcf44b6ac3451bd1e2b7ac75ced562a5725cd035430ed8e89c72fc8edbd4982706e7e092b671a0890f0b3aa2f05d337238ee00764

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe

Filesize
184KB

MD5
2fd6960e68203af8fe2ba397f2d25f7a

SHA1
c0761f1c2afd6308280a815fcb2a4cc738b1f6c6

SHA256
3e38c87123aaf5a21a35fb0a2994aea5e246f4f6fd7b44e0fce27e8b855a9972

SHA512
dab423ef313f5582b103312984141a9a3767fc28869ccd7a7460fae186c48e6b357d8957aeb7dea64b105a31e2a9bca078e1e9f285ceb5f45ce00a7bffbaa978

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe

Filesize
184KB

MD5
9337695c183bab893e48313e8770e4c0

SHA1
9d71acbab7cce699c210577382c4a583ef7fa81a

SHA256
5a9c07c61e7914a92e945e727ca02eb8f1ff8f10e409852a1793d1d9d55261df

SHA512
19a0d3a94c838c842305ca1d70b4d95003cc7b9265f1e9368c960b4175dcf91f007b588d931e7c53cbdfdf9b0fd55165480d29286ecf1bb3f3075e813d9ac7b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe

Filesize
184KB

MD5
5fcdbf2b65ab3ab0da5474040e478707

SHA1
c3c65a19b6d98fb105b97c43bab0fea6284958ea

SHA256
78a028581b524c1e16281b647087934df6893eaba722246c84ff7eb90edab9da

SHA512
6164f9f3a24ed7e01ae16ae0a9fc10dfa7d5c45955985b7489ac781c1428fa434e892a6e7933e8509990f3ec828a0a0302ac68b0e753ecac881b3e1e41e2d062

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58778.exe

Filesize
184KB

MD5
46230d32bc37f084908af2113fa8916b

SHA1
1f8f66a009947154a3f9a565bf79b30b5518d5ac

SHA256
08324454d2cbbe56907b024efa6c89b8830cd832ac457cca8c246e3631d831d1

SHA512
9a6ee5e9a6c82649edd9aefe14a81920466b530b18b6886d42168ad19f5d72433783a6954555068b837f0d49eae2a8a6aa0f776cb4acd535ca7ec06412b650f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe

Filesize
184KB

MD5
44f853356873f56a831f6875cbe9473d

SHA1
9de74e8e04e6fd6a61efe03c55f5c4c7664490d0

SHA256
5c0e0ecde5e120a733b4a9a543d66504c58e3f6cbe51c739b40c804bdcb4cc2a

SHA512
307160be58e9fafd64987b6f71549cf93e319bb1a2a23f6d9cbc31535419ce7e230690eef61bd82e1591230780be68ea9c49acd4c0b0cc08bd522a39b1c73730

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe

Filesize
184KB

MD5
db74d597cf8674bc84130c8ab5164d94

SHA1
2601d744cadde5962bfd84ca92d0159bd15a8e2d

SHA256
e02cef37e4660aa635d63f9c88bb2f25ae32c89920f2364bc66767a2c2cbb618

SHA512
f745f0f58656477d6c7ab46b89448b2e8820a17bd8a7aa9a21b99ba794f0226ac0562e8b410c19caf71e92853ae1196afcf99c121dbde2c1aba753d2274a30db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe

Filesize
184KB

MD5
8f88ad6f06ffc2cb19dcaf9f43c336bd

SHA1
5815562a46549f66c21354904745150cd2a6af15

SHA256
0ecbeb38264631744f24291d5fad0960c596be6000e7ebbd3af9769452763297

SHA512
dc94500a6bfc61faabdcfe7d69db5a33d7eae89a0ee9270b00bca8211ad2e8e6dad579418c520097cae672764f6f60a7935e6de75e2695d35eaebdd5c1208a5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe

Filesize
184KB

MD5
1594bc858cb897acdaaf66a9b043cb73

SHA1
32dc9114a152c4081981861c67977b96300f7dd4

SHA256
6a924a8b1051a3d5713acfbb21530a4c5c9efcfb2893160e3ed2607f2348c5ec

SHA512
2e9a91a78bdd8c99e60db79c86c455110bdd33d7cf0504508202cd32797bdcb4ecf8627852d85efba125378773d05870a9203b7df85d24e49dc05d796c5ab77c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe

Filesize
184KB

MD5
a31afc0d03721fddc4e9b8ce787409aa

SHA1
dca5098f69173eb9e5b7d8264c05aad29fd81d92

SHA256
28f09393bbef258c2bcf274bbbac8202571db7cae7c5475a22daf0ab4b2faf9d

SHA512
a2f953523be425ab71453a28407a1e931b0c3e09c3da1d92a66d9cfba3694906e2dcae7f773beb0defbab5321f525c7148f1b00d77cf65d735e169d6b8cf64d2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads