fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 05:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe
Size

184KB
MD5

ec88a418fa921c2491961a9a80949405
SHA1

9e33d2d73005080f3cc4b5860ad7f65de818b09e
SHA256

fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5
SHA512

a6a4d2772be301b7c346866cf3e62f03a6168626ff9229f9823d850dd75bb3e30c79b4692e5bae77c262d6bca54d13b5f7d1ff26bfb9a0b082d6fed723a135d6
SSDEEP

3072:gtPLHSKrYUlPd0AtNStzWvErlvnqnviuunO:gtOK110A2z8ErlPqnviuu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4964	Unicorn-22601.exe
864	Unicorn-34417.exe
3844	Unicorn-6383.exe
4488	Unicorn-59409.exe
4584	Unicorn-56456.exe
1492	Unicorn-10784.exe
3316	Unicorn-12822.exe
1040	Unicorn-62201.exe
2828	Unicorn-62201.exe
3708	Unicorn-13000.exe
1364	Unicorn-29529.exe
3624	Unicorn-23398.exe
1528	Unicorn-9663.exe
2860	Unicorn-45600.exe
4224	Unicorn-40223.exe
768	Unicorn-4744.exe
2468	Unicorn-25911.exe
3460	Unicorn-53753.exe
2040	Unicorn-58392.exe
868	Unicorn-13296.exe
3252	Unicorn-21657.exe
4832	Unicorn-12726.exe
224	Unicorn-46161.exe
3904	Unicorn-45896.exe
1620	Unicorn-34271.exe
1760	Unicorn-54137.exe
4268	Unicorn-54137.exe
1296	Unicorn-64343.exe
656	Unicorn-1599.exe
4176	Unicorn-63849.exe
2968	Unicorn-14191.exe
4088	Unicorn-65001.exe
2964	Unicorn-65001.exe
1264	Unicorn-61280.exe
4232	Unicorn-15608.exe
4692	Unicorn-16185.exe
1160	Unicorn-51087.exe
4248	Unicorn-15993.exe
4240	Unicorn-12463.exe
3376	Unicorn-26198.exe
2744	Unicorn-53496.exe
3352	Unicorn-56257.exe
4936	Unicorn-48089.exe
1360	Unicorn-7056.exe
2228	Unicorn-21975.exe
2256	Unicorn-57408.exe
3596	Unicorn-41841.exe
2352	Unicorn-41841.exe
1436	Unicorn-33673.exe
4944	Unicorn-46672.exe
4276	Unicorn-33481.exe
1672	Unicorn-30335.exe
912	Unicorn-735.exe
968	Unicorn-17145.exe
2436	Unicorn-27350.exe
4852	Unicorn-60215.exe
3876	Unicorn-57415.exe
2172	Unicorn-18105.exe
2880	Unicorn-14575.exe
1816	Unicorn-34441.exe
1468	Unicorn-42039.exe
1480	Unicorn-56553.exe
4380	Unicorn-3631.exe
1744	Unicorn-64529.exe

Program crash 12 IoCs

pid	pid_target	Process	procid_target
3208	1620	WerFault.exe	118
7608	6476	WerFault.exe	243
8292	6952	WerFault.exe	258
8532	7600	WerFault.exe	345
16180	14460	WerFault.exe	698
19296	16712	WerFault.exe	809
19328	17284	WerFault.exe	847
19352	16988	WerFault.exe	830
1200	17944	WerFault.exe	860
6360	3220	Process not Found	1053
6488	3568	Process not Found	1064
6532	5208	Process not Found	1054

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
180	fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe
4964	Unicorn-22601.exe
864	Unicorn-34417.exe
3844	Unicorn-6383.exe
4488	Unicorn-59409.exe
4584	Unicorn-56456.exe
1492	Unicorn-10784.exe
3316	Unicorn-12822.exe
1040	Unicorn-62201.exe
2828	Unicorn-62201.exe
3624	Unicorn-23398.exe
2860	Unicorn-45600.exe
1364	Unicorn-29529.exe
3708	Unicorn-13000.exe
1528	Unicorn-9663.exe
4224	Unicorn-40223.exe
768	Unicorn-4744.exe
2468	Unicorn-25911.exe
3460	Unicorn-53753.exe
2040	Unicorn-58392.exe
868	Unicorn-13296.exe
4832	Unicorn-12726.exe
224	Unicorn-46161.exe
1296	Unicorn-64343.exe
4268	Unicorn-54137.exe
3252	Unicorn-21657.exe
3904	Unicorn-45896.exe
1760	Unicorn-54137.exe
656	Unicorn-1599.exe
1620	Unicorn-34271.exe
4176	Unicorn-63849.exe
2968	Unicorn-14191.exe
2964	Unicorn-65001.exe
4088	Unicorn-65001.exe
4232	Unicorn-15608.exe
1264	Unicorn-61280.exe
4692	Unicorn-16185.exe
1160	Unicorn-51087.exe
4248	Unicorn-15993.exe
4240	Unicorn-12463.exe
2744	Unicorn-53496.exe
4936	Unicorn-48089.exe
1360	Unicorn-7056.exe
3352	Unicorn-56257.exe
2256	Unicorn-57408.exe
1436	Unicorn-33673.exe
2228	Unicorn-21975.exe
2352	Unicorn-41841.exe
3596	Unicorn-41841.exe
912	Unicorn-735.exe
1672	Unicorn-30335.exe
4944	Unicorn-46672.exe
2436	Unicorn-27350.exe
3876	Unicorn-57415.exe
4852	Unicorn-60215.exe
968	Unicorn-17145.exe
4276	Unicorn-33481.exe
2172	Unicorn-18105.exe
1816	Unicorn-34441.exe
2880	Unicorn-14575.exe
1468	Unicorn-42039.exe
1480	Unicorn-56553.exe
4380	Unicorn-3631.exe
1744	Unicorn-64529.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 180 wrote to memory of 4964	180	fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe	87
PID 180 wrote to memory of 4964	180	fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe	87
PID 180 wrote to memory of 4964	180	fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe	87
PID 4964 wrote to memory of 864	4964	Unicorn-22601.exe	92
PID 4964 wrote to memory of 864	4964	Unicorn-22601.exe	92
PID 4964 wrote to memory of 864	4964	Unicorn-22601.exe	92
PID 180 wrote to memory of 3844	180	fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe	93
PID 180 wrote to memory of 3844	180	fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe	93
PID 180 wrote to memory of 3844	180	fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe	93
PID 864 wrote to memory of 4488	864	Unicorn-34417.exe	95
PID 864 wrote to memory of 4488	864	Unicorn-34417.exe	95
PID 864 wrote to memory of 4488	864	Unicorn-34417.exe	95
PID 4964 wrote to memory of 4584	4964	Unicorn-22601.exe	96
PID 4964 wrote to memory of 4584	4964	Unicorn-22601.exe	96
PID 4964 wrote to memory of 4584	4964	Unicorn-22601.exe	96
PID 3844 wrote to memory of 1492	3844	Unicorn-6383.exe	97
PID 3844 wrote to memory of 1492	3844	Unicorn-6383.exe	97
PID 3844 wrote to memory of 1492	3844	Unicorn-6383.exe	97
PID 180 wrote to memory of 3316	180	fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe	98
PID 180 wrote to memory of 3316	180	fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe	98
PID 180 wrote to memory of 3316	180	fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe	98
PID 4584 wrote to memory of 1040	4584	Unicorn-56456.exe	101
PID 4584 wrote to memory of 1040	4584	Unicorn-56456.exe	101
PID 4584 wrote to memory of 1040	4584	Unicorn-56456.exe	101
PID 4488 wrote to memory of 2828	4488	Unicorn-59409.exe	102
PID 4488 wrote to memory of 2828	4488	Unicorn-59409.exe	102
PID 4488 wrote to memory of 2828	4488	Unicorn-59409.exe	102
PID 1492 wrote to memory of 3708	1492	Unicorn-10784.exe	103
PID 1492 wrote to memory of 3708	1492	Unicorn-10784.exe	103
PID 1492 wrote to memory of 3708	1492	Unicorn-10784.exe	103
PID 3316 wrote to memory of 1364	3316	Unicorn-12822.exe	104
PID 3316 wrote to memory of 1364	3316	Unicorn-12822.exe	104
PID 3316 wrote to memory of 1364	3316	Unicorn-12822.exe	104
PID 4964 wrote to memory of 3624	4964	Unicorn-22601.exe	105
PID 4964 wrote to memory of 3624	4964	Unicorn-22601.exe	105
PID 4964 wrote to memory of 3624	4964	Unicorn-22601.exe	105
PID 3844 wrote to memory of 1528	3844	Unicorn-6383.exe	106
PID 3844 wrote to memory of 1528	3844	Unicorn-6383.exe	106
PID 3844 wrote to memory of 1528	3844	Unicorn-6383.exe	106
PID 180 wrote to memory of 2860	180	fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe	107
PID 180 wrote to memory of 2860	180	fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe	107
PID 180 wrote to memory of 2860	180	fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe	107
PID 864 wrote to memory of 4224	864	Unicorn-34417.exe	108
PID 864 wrote to memory of 4224	864	Unicorn-34417.exe	108
PID 864 wrote to memory of 4224	864	Unicorn-34417.exe	108
PID 1040 wrote to memory of 768	1040	Unicorn-62201.exe	109
PID 1040 wrote to memory of 768	1040	Unicorn-62201.exe	109
PID 1040 wrote to memory of 768	1040	Unicorn-62201.exe	109
PID 4584 wrote to memory of 2468	4584	Unicorn-56456.exe	110
PID 4584 wrote to memory of 2468	4584	Unicorn-56456.exe	110
PID 4584 wrote to memory of 2468	4584	Unicorn-56456.exe	110
PID 2828 wrote to memory of 3460	2828	Unicorn-62201.exe	111
PID 2828 wrote to memory of 3460	2828	Unicorn-62201.exe	111
PID 2828 wrote to memory of 3460	2828	Unicorn-62201.exe	111
PID 4488 wrote to memory of 2040	4488	Unicorn-59409.exe	112
PID 4488 wrote to memory of 2040	4488	Unicorn-59409.exe	112
PID 4488 wrote to memory of 2040	4488	Unicorn-59409.exe	112
PID 2860 wrote to memory of 868	2860	Unicorn-45600.exe	113
PID 2860 wrote to memory of 868	2860	Unicorn-45600.exe	113
PID 2860 wrote to memory of 868	2860	Unicorn-45600.exe	113
PID 3624 wrote to memory of 3252	3624	Unicorn-23398.exe	115
PID 3624 wrote to memory of 3252	3624	Unicorn-23398.exe	115
PID 3624 wrote to memory of 3252	3624	Unicorn-23398.exe	115
PID 180 wrote to memory of 4832	180	fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe	114

C:\Users\Admin\AppData\Local\Temp\fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe
"C:\Users\Admin\AppData\Local\Temp\fb878ee06cb98d06b3af5f9b70bac3b3815c2b732e19db3abd41eb414ecc12b5.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53753.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65001.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        9⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39553.exe
        10⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        11⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
        11⤵
        
        PID:16816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24327.exe
        10⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
        10⤵
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
        10⤵
        
        PID:18760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
        9⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36915.exe
        9⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51829.exe
        9⤵
        
        PID:18324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        9⤵
        
        PID:19320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        8⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58401.exe
        9⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        9⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18595.exe
        9⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
        9⤵
        
        PID:19280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        9⤵
        
        PID:19396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        8⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe
        8⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
        8⤵
        
        PID:16436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43009.exe
        8⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15921.exe
        9⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
        9⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        9⤵
        
        PID:16064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        9⤵
        
        PID:17672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37575.exe
        8⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3780.exe
        8⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        8⤵
        
        PID:17728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        8⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        8⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34443.exe
        8⤵
        
        PID:14104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        8⤵
        
        PID:16772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        7⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        8⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        8⤵
        
        PID:16464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        7⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5892.exe
        7⤵
        
        PID:16364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        7⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
        7⤵
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7736.exe
        7⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
        8⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58401.exe
        9⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        9⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
        9⤵
        
        PID:15692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39515.exe
        9⤵
        
        PID:19368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14991.exe
        8⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe
        8⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51077.exe
        8⤵
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        8⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64176.exe
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        8⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        8⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
        8⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3602.exe
        8⤵
        
        PID:17936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2390.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
        8⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16484.exe
        8⤵
        
        PID:16988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16988 -s 444
        9⤵
        Program crash
        
        PID:19352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        8⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
        8⤵
        
        PID:17760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe
        7⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        7⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39318.exe
        7⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        7⤵
        
        PID:17560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
        6⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59257.exe
        8⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62109.exe
        8⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
        8⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16116.exe
        8⤵
        
        PID:18656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
        8⤵
        
        PID:19028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        7⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe
        7⤵
        
        PID:16648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42044.exe
        7⤵
        
        PID:18932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        6⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36231.exe
        8⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        8⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        8⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41711.exe
        7⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        7⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        7⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63783.exe
        6⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
        6⤵
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58392.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        7⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59153.exe
        8⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7176.exe
        9⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 472
        10⤵
        Program crash
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27487.exe
        9⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        9⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        9⤵
        
        PID:18080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37575.exe
        8⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3780.exe
        8⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        8⤵
        
        PID:16156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        7⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
        8⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        8⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        8⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        8⤵
        
        PID:18656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        7⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe
        7⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
        7⤵
        
        PID:16396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45240.exe
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61073.exe
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15641.exe
        8⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57781.exe
        8⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        8⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        8⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50544.exe
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11388.exe
        7⤵
        
        PID:16908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
        7⤵
        
        PID:19256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        7⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
        6⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 720
        7⤵
        Program crash
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe
        6⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5779.exe
        6⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        6⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39310.exe
        6⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
        6⤵
        
        PID:17636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26198.exe
        5⤵
        Executes dropped EXE
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
        7⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        8⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37029.exe
        8⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe
        8⤵
        
        PID:18336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        8⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3780.exe
        7⤵
        
        PID:12828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe
        7⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        7⤵
        
        PID:17540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54279.exe
        6⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51489.exe
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57693.exe
        7⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2747.exe
        7⤵
        
        PID:17652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53144.exe
        6⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        6⤵
        
        PID:13596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        6⤵
        
        PID:18224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        7⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
        7⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        7⤵
        
        PID:16720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
        7⤵
        
        PID:19072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30471.exe
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
        6⤵
        
        PID:12272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        6⤵
        
        PID:16504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        6⤵
        
        PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        6⤵
        
        PID:12672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        6⤵
        
        PID:18416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
        6⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10455.exe
        5⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        5⤵
        
        PID:14000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47363.exe
        5⤵
        
        PID:18376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32722.exe
        5⤵
        
        PID:19288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
        8⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        8⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
        8⤵
        
        PID:17416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        8⤵
        
        PID:18944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        8⤵
        
        PID:17896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8565.exe
        8⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        8⤵
        
        PID:18404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        8⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45084.exe
        7⤵
        
        PID:13892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        7⤵
        
        PID:18272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17751.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        8⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
        8⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        8⤵
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe
        7⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48268.exe
        7⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
        7⤵
        
        PID:16760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        7⤵
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        6⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        7⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13396.exe
        7⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        7⤵
        
        PID:16704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
        6⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45468.exe
        6⤵
        
        PID:14012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
        6⤵
        
        PID:17128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        6⤵
        
        PID:19168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32878.exe
        8⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
        8⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42508.exe
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        7⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        7⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62901.exe
        7⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        7⤵
        
        PID:19292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        6⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        7⤵
        
        PID:16484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        6⤵
        
        PID:16844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        6⤵
        
        PID:18960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30334.exe
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64249.exe
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
        7⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
        7⤵
        
        PID:16388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28611.exe
        7⤵
        
        PID:18376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10383.exe
        6⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
        6⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2660.exe
        6⤵
        
        PID:18116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
        5⤵
        
        PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5779.exe
        5⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
        5⤵
        
        PID:13436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14191.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        7⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        8⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        9⤵
        
        PID:18636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
        8⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
        8⤵
        
        PID:16612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8563.exe
        8⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
        7⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
        7⤵
        
        PID:18312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        7⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
        6⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        6⤵
        
        PID:18948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33703.exe
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        6⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3540.exe
        7⤵
        
        PID:16208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        6⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
        6⤵
        
        PID:14976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45805.exe
        6⤵
        
        PID:18856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        6⤵
        
        PID:17552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        5⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
        5⤵
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        5⤵
        
        PID:14700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
        5⤵
        
        PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        6⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
        6⤵
        
        PID:15064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        6⤵
        
        PID:19272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        5⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57885.exe
        5⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
        5⤵
        
        PID:16080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        5⤵
        
        PID:19032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39745.exe
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        6⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
        6⤵
        
        PID:16412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42508.exe
        6⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2791.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
        5⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe
        5⤵
        
        PID:18144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64505.exe
      4⤵
      PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50315.exe
      4⤵
      PID:9676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5308.exe
      4⤵
      PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14395.exe
      4⤵
      PID:5668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56456.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4744.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15608.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64529.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1784.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48593.exe
        9⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        9⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        9⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        9⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
        8⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        9⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        9⤵
        
        PID:16580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50676.exe
        9⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
        8⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        8⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55117.exe
        8⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        8⤵
        
        PID:18692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59257.exe
        8⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        8⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe
        8⤵
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3602.exe
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        7⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe
        7⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
        7⤵
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
        6⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36377.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        8⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47545.exe
        9⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17340.exe
        9⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
        9⤵
        
        PID:17776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
        8⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
        8⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13132.exe
        8⤵
        
        PID:18956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        8⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
        8⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53424.exe
        7⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36915.exe
        7⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        7⤵
        
        PID:18280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        7⤵
        
        PID:18908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
        6⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64057.exe
        7⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42169.exe
        8⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        8⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
        8⤵
        
        PID:17584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49880.exe
        7⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
        7⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        7⤵
        
        PID:18320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15847.exe
        6⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5779.exe
        6⤵
        
        PID:10812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
        6⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12463.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8696.exe
        6⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27265.exe
        8⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54429.exe
        8⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
        8⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38639.exe
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55668.exe
        7⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33693.exe
        7⤵
        
        PID:17612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51208.exe
        6⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        7⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18595.exe
        7⤵
        
        PID:15664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
        7⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
        6⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
        6⤵
        
        PID:17912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe
        6⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        6⤵
        
        PID:19260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
        6⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
        6⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
        6⤵
        
        PID:14772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe
        6⤵
        
        PID:18152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
        5⤵
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32684.exe
        5⤵
        
        PID:11756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18245.exe
        5⤵
        
        PID:16072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25911.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65001.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        6⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        7⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8624.exe
        8⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        8⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        8⤵
        
        PID:15916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        8⤵
        
        PID:18676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56599.exe
        7⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43765.exe
        7⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
        7⤵
        
        PID:17860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7068.exe
        7⤵
        
        PID:19388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        7⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        7⤵
        
        PID:15860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39515.exe
        7⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62464.exe
        6⤵
        
        PID:9576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
        6⤵
        
        PID:17924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42541.exe
        6⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28711.exe
        5⤵
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44545.exe
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1888.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        8⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
        8⤵
        
        PID:17596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        8⤵
        
        PID:18800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        7⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe
        7⤵
        
        PID:16736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        7⤵
        
        PID:17720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31711.exe
        6⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
        7⤵
        
        PID:15952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10795.exe
        6⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        6⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
        6⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        6⤵
        
        PID:10808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        6⤵
        
        PID:15752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        6⤵
        
        PID:18780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57476.exe
        5⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8668.exe
        5⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39310.exe
        5⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
        5⤵
        
        PID:19188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7544.exe
        5⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        6⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56289.exe
        7⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6276.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
        7⤵
        
        PID:16312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4259.exe
        6⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        6⤵
        
        PID:18804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        6⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        7⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16660.exe
        7⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38004.exe
        7⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        7⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        6⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        6⤵
        
        PID:13764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        6⤵
        
        PID:18096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        5⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        6⤵
        
        PID:12512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
        6⤵
        
        PID:16600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        5⤵
        
        PID:14768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        5⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        5⤵
        
        PID:10596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3602.exe
        5⤵
        
        PID:17960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48591.exe
      4⤵
      PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61046.exe
        5⤵
        
        PID:17224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19730.exe
        5⤵
        
        PID:16652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
      4⤵
      PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4203.exe
      4⤵
      PID:15620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
      4⤵
      PID:18612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56257.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
        7⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        8⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        7⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
        7⤵
        
        PID:16932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        7⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        6⤵
        
        PID:16864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        6⤵
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        5⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64057.exe
        6⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
        7⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        7⤵
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
        7⤵
        
        PID:16568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58301.exe
        7⤵
        
        PID:19056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
        7⤵
        
        PID:18952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58240.exe
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        6⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        6⤵
        
        PID:18088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        5⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
        5⤵
        
        PID:9840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1180.exe
        5⤵
        
        PID:16032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        5⤵
        
        PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21975.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe
        7⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        7⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        7⤵
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
        6⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52108.exe
        6⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        6⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        6⤵
        
        PID:16932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
        5⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        6⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13396.exe
        6⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        6⤵
        
        PID:16692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe
        6⤵
        
        PID:19416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
        5⤵
        
        PID:10092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
        6⤵
        
        PID:13020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16484.exe
        6⤵
        
        PID:16980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        6⤵
        
        PID:19172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
        5⤵
        
        PID:13776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe
        5⤵
        
        PID:17952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8220.exe
        5⤵
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        5⤵
        
        PID:18824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32937.exe
        5⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
        5⤵
        
        PID:16348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        5⤵
        
        PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
        5⤵
        
        PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
      4⤵
      PID:9044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17884.exe
      4⤵
      PID:13148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
      4⤵
      PID:16900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
      4⤵
      PID:19180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
      4⤵
      PID:4204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        7⤵
        
        PID:18776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        7⤵
        
        PID:208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        6⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
        6⤵
        
        PID:14924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        6⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        5⤵
        
        PID:17664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9007.exe
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
        6⤵
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16484.exe
        6⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
        6⤵
        
        PID:18984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
        5⤵
        
        PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-323.exe
        5⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62333.exe
        5⤵
        
        PID:18824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
        5⤵
        
        PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
      4⤵
      PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
      4⤵
      PID:11080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
      4⤵
      PID:13948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
      4⤵
      PID:4976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58048.exe
        6⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        6⤵
        
        PID:11748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        6⤵
        
        PID:18104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25375.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20411.exe
        5⤵
        
        PID:13604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        5⤵
        
        PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
      4⤵
      PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
      4⤵
      PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
      4⤵
      PID:14584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe
    3⤵
    PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
      4⤵
      PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64102.exe
        5⤵
        
        PID:10832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20708.exe
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        5⤵
        
        PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
      4⤵
      PID:10420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
      4⤵
      PID:14952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
      4⤵
      PID:18736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39515.exe
      4⤵
      PID:17692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
    3⤵
    PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
      4⤵
      PID:16256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42508.exe
      4⤵
      PID:19444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50315.exe
    3⤵
    PID:9876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
    3⤵
    PID:14472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
    3⤵
    PID:19440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58443.exe
    3⤵
    PID:18672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6383.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6383.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
        8⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27265.exe
        9⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        9⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
        9⤵
        
        PID:16800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        9⤵
        
        PID:14460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        8⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64700.exe
        8⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        8⤵
        
        PID:19308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        7⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        8⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
        8⤵
        
        PID:12740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        8⤵
        
        PID:16656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3602.exe
        8⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        7⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53749.exe
        7⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36267.exe
        7⤵
        
        PID:18300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36777.exe
        8⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        8⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        8⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58301.exe
        8⤵
        
        PID:19032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9231.exe
        7⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        7⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        7⤵
        
        PID:18184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50439.exe
        6⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        7⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
        7⤵
        
        PID:16856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
        7⤵
        
        PID:19240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        6⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        6⤵
        
        PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64057.exe
        7⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        8⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        8⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
        8⤵
        
        PID:18908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33647.exe
        7⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
        7⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27933.exe
        7⤵
        
        PID:18600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36703.exe
        6⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
        7⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        7⤵
        
        PID:15604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50292.exe
        7⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
        6⤵
        
        PID:10580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9172.exe
        6⤵
        
        PID:15580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38780.exe
        6⤵
        
        PID:18628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
        6⤵
        
        PID:18576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19199.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51105.exe
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        6⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        6⤵
        
        PID:16620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        6⤵
        
        PID:18668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
        5⤵
        
        PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17884.exe
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27950.exe
        5⤵
        
        PID:16952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1620
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 724
        5⤵
        Program crash
        
        PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        6⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        6⤵
        
        PID:10428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
        6⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        6⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
        5⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        5⤵
        
        PID:17728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46849.exe
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        6⤵
        
        PID:17284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17284 -s 436
        7⤵
        Program crash
        
        PID:19328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        6⤵
        
        PID:17572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        5⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
        5⤵
        
        PID:13864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
        5⤵
        
        PID:18288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21686.exe
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        5⤵
        
        PID:16212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
        5⤵
        
        PID:19372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
      4⤵
      PID:10128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
      4⤵
      PID:13692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
      4⤵
      PID:17544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9663.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7056.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35313.exe
        6⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        7⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45241.exe
        8⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6676.exe
        8⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
        8⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33071.exe
        7⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-323.exe
        7⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62333.exe
        7⤵
        
        PID:18816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
        6⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
        6⤵
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
        6⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1316.exe
        6⤵
        
        PID:19348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        6⤵
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        6⤵
        
        PID:17232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        6⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
        5⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        5⤵
        
        PID:13900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43726.exe
        5⤵
        
        PID:18072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59433.exe
        5⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        7⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        7⤵
        
        PID:18384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9039.exe
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        6⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        6⤵
        
        PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37279.exe
        5⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
        5⤵
        
        PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
        5⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        5⤵
        
        PID:17404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exe
      4⤵
      PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe
        5⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
        5⤵
        
        PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
      4⤵
      PID:9700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
      4⤵
      PID:13144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe
      4⤵
      PID:15688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
      4⤵
      PID:19084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41841.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        6⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        7⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
        7⤵
        
        PID:16404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
        7⤵
        
        PID:18640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18079.exe
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
        6⤵
        
        PID:13320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
        6⤵
        
        PID:19384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
        6⤵
        
        PID:17132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        5⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
        5⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        5⤵
        
        PID:18880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1316.exe
        5⤵
        
        PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
      4⤵
      PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43601.exe
        5⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        5⤵
        
        PID:12500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
        5⤵
        
        PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19427.exe
      4⤵
      PID:11744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
      4⤵
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
      4⤵
      PID:19200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26409.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49717.exe
        6⤵
        
        PID:12860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        6⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65133.exe
        6⤵
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34311.exe
        5⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        5⤵
        
        PID:17140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
      4⤵
      PID:8604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
      4⤵
      PID:12020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
      4⤵
      PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
      4⤵
      PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
    3⤵
    PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
      4⤵
      PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        5⤵
        
        PID:12320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
        5⤵
        
        PID:16420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        5⤵
        
        PID:17044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16735.exe
      4⤵
      PID:10304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
      4⤵
      PID:15112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
      4⤵
      PID:18884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
      4⤵
      PID:400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
    3⤵
    PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35566.exe
      4⤵
      PID:13292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16484.exe
      4⤵
      PID:16936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
      4⤵
      PID:18884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
    3⤵
    PID:10820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51483.exe
    3⤵
    PID:14988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12822.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12822.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41841.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        7⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        8⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21948.exe
        8⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
        8⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
        7⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        7⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        7⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
        6⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        7⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        7⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
        7⤵
        
        PID:16792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
        7⤵
        
        PID:19108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        6⤵
        
        PID:14024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
        6⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        6⤵
        
        PID:17500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        6⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        7⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
        7⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
        7⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16735.exe
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
        6⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        6⤵
        
        PID:18940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        5⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23283.exe
        5⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        5⤵
        
        PID:16728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
        6⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        7⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe
        8⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        8⤵
        
        PID:17172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
        8⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        8⤵
        
        PID:19044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21948.exe
        7⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
        7⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        7⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7974.exe
        6⤵
        
        PID:9088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28965.exe
        6⤵
        
        PID:14460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14460 -s 464
        7⤵
        Program crash
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
        6⤵
        
        PID:18136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33807.exe
        5⤵
        
        PID:6952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 492
        6⤵
        Program crash
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        5⤵
        
        PID:10188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
        5⤵
        
        PID:13756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe
        5⤵
        
        PID:17944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17944 -s 464
        6⤵
        Program crash
        
        PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe
      4⤵
      PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        6⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33676.exe
        6⤵
        
        PID:14340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
        6⤵
        
        PID:18048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        5⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
        5⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        5⤵
        
        PID:1404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65048.exe
      4⤵
      PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
        5⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16484.exe
        5⤵
        
        PID:16996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52436.exe
        5⤵
        
        PID:19048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        5⤵
        
        PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
      4⤵
      PID:13972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47363.exe
      4⤵
      PID:18424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1599.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23719.exe
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        6⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
        6⤵
        
        PID:16780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36990.exe
        5⤵
        
        PID:11180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
        5⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        5⤵
        
        PID:18872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64482.exe
        5⤵
        
        PID:18368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17175.exe
      4⤵
      PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23793.exe
        5⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        6⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
        6⤵
        
        PID:18356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        6⤵
        
        PID:19080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
        5⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48268.exe
        5⤵
        
        PID:13960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
        5⤵
        
        PID:18392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
        5⤵
        
        PID:18304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
      4⤵
      PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
      4⤵
      PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
      4⤵
      PID:14792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
      4⤵
      PID:19048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23719.exe
      4⤵
      PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41105.exe
        5⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38564.exe
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
        5⤵
        
        PID:15376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        5⤵
        
        PID:18704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe
      4⤵
      PID:8504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe
      4⤵
      PID:13164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
      4⤵
      PID:16968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25508.exe
      4⤵
      PID:18988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
      4⤵
      PID:16304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36776.exe
    3⤵
    PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
      4⤵
      PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42937.exe
        5⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        5⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        5⤵
        
        PID:16184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        5⤵
        
        PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
      4⤵
      PID:10088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
      4⤵
      PID:13740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
      4⤵
      PID:18400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
      4⤵
      PID:16156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe
    3⤵
    PID:8132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
    3⤵
    PID:10860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32174.exe
    3⤵
    PID:15304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13296.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15993.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        6⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8624.exe
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        7⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        7⤵
        
        PID:15912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39515.exe
        7⤵
        
        PID:19276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50544.exe
        6⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        6⤵
        
        PID:16960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
        6⤵
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
        6⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        6⤵
        
        PID:12704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
        6⤵
        
        PID:17604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        5⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32196.exe
        5⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1037.exe
        5⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
        5⤵
        
        PID:19392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
      4⤵
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
        6⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        6⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe
        5⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6780.exe
        6⤵
        
        PID:16056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55668.exe
        5⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        5⤵
        
        PID:18200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
      4⤵
      PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        5⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        5⤵
        
        PID:16712
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16712 -s 464
        6⤵
        Program crash
        
        PID:19296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
      4⤵
      PID:9480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
      4⤵
      PID:14072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51829.exe
      4⤵
      PID:18364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
      4⤵
      PID:8436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50497.exe
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15921.exe
        6⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        6⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        6⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        6⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        5⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        6⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        6⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
        6⤵
        
        PID:19116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
        5⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        5⤵
        
        PID:19268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14472.exe
        5⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        6⤵
        
        PID:19240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62821.exe
        6⤵
        
        PID:19236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
        6⤵
        
        PID:19452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        5⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48285.exe
        5⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
        5⤵
        
        PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
      4⤵
      PID:7524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
      4⤵
      PID:8260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
      4⤵
      PID:14452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
      4⤵
      PID:16860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
    3⤵
    PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58401.exe
        5⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        5⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
        5⤵
        
        PID:15704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
      4⤵
      PID:9860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
      4⤵
      PID:13712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe
      4⤵
      PID:17624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44192.exe
    3⤵
    PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe
      4⤵
      PID:12920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
      4⤵
      PID:16136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
      4⤵
      PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
      4⤵
      PID:5168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
    3⤵
    PID:9976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1652.exe
    3⤵
    PID:13360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43726.exe
    3⤵
    PID:3740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12726.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12726.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19361.exe
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
        5⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        6⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
        6⤵
        
        PID:17428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25091.exe
        6⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30942.exe
        5⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26853.exe
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
        5⤵
        
        PID:16200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe
        5⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe
        5⤵
        
        PID:12532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
        5⤵
        
        PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
      4⤵
      PID:10196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
      4⤵
      PID:13788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1675.exe
      4⤵
      PID:17968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
    3⤵
    PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
        5⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        5⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        5⤵
        
        PID:15796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        5⤵
        
        PID:18620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe
      4⤵
      PID:9004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
      4⤵
      PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
      4⤵
      PID:1772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64943.exe
    3⤵
    PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
      4⤵
      PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
      4⤵
      PID:12620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
      4⤵
      PID:4788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
    3⤵
    PID:3920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
    3⤵
    PID:13632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
    3⤵
    PID:4656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57408.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57408.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
    3⤵
    PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6200.exe
      4⤵
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe
        5⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
        5⤵
        
        PID:18268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
      4⤵
      PID:9432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48268.exe
      4⤵
      PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
      4⤵
      PID:17012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
    3⤵
    PID:7204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45921.exe
      4⤵
      PID:11232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
      4⤵
      PID:2952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
    3⤵
    PID:10564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
    3⤵
    PID:14932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
    3⤵
    PID:18920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
    3⤵
    PID:3588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
  2⤵
  PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
    3⤵
    PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
      4⤵
      PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
      4⤵
      PID:10560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
      4⤵
      PID:15804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
      4⤵
      PID:18820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
      4⤵
      PID:2848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe
    3⤵
    PID:8924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
    3⤵
    PID:14388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
    3⤵
    PID:18220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe
  2⤵
  PID:6612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
    3⤵
    PID:9128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7252.exe
    3⤵
    PID:14320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
    3⤵
    PID:3628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
  2⤵
  PID:9856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
  2⤵
  PID:13952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
  2⤵
  PID:16884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1620 -ip 1620
1⤵
PID:1744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 6476 -ip 6476
1⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 6952 -ip 6952
1⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 7600 -ip 7600
1⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 14460 -ip 14460
1⤵
PID:16152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 16136 -ip 16136
1⤵
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 18424 -ip 18424
1⤵
PID:19168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2864 -ip 2864
1⤵
PID:19048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe

Filesize
184KB

MD5
31d795c7bad6a1e431a906bb11b2fc3c

SHA1
a47ebbf1d6db5b6287ff1ef441a51199c6791a8c

SHA256
cb6be27a25ee28c8da7e9b5ccf5ad8d2dbe3707c93b598d4a2b0597ac77fb3e7

SHA512
5be01f9adb85195b71f4f1a879ddecdf4097cbbe4c306e2f3adffe8935128e257dcebeb7af9f2812a11bf8151103e2249cd8729e391479a3142709ea8c089b5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe

Filesize
184KB

MD5
fd2a030798f4be5a85ff56ab829e2cc5

SHA1
3dfe481a23f02a8f325dcaeb92f2dfa17de85f54

SHA256
75f9ba2ac8f1a9bbf6f87ee99ea4897005116d72138e92a659d1f92400581b43

SHA512
95bf2786516a3bade08d0926953ce28ef0e7cb7374673d25f3ba579793418bc5407f22f44879c91ccd6bbd06997b05fdd3121f6dcad19d179411312ee865d9f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12726.exe

Filesize
184KB

MD5
64039edf9931b77f5071d80e39430cd2

SHA1
55bfa1c8a64cb33b96e72901da900be3d39ff9c3

SHA256
4580db2da375b3b4c002c8e96837032f556e0a185c45d6ab737734015c943a65

SHA512
d8a825fa74481e49bbac3b9ca063820291542a8337740f6b572639b8e8762dc8acf5a92aa6b8a72aa6bfa8a428c659523697be59f668b7067a6ecb0487cd9c94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12822.exe

Filesize
184KB

MD5
04f800bdfb8e1c71bcdf831425152f75

SHA1
e783ff255afbfc6c3192112a643da6aefa9fb803

SHA256
4bae4ce3f5a3a10e6326d6649610a9e3059c7d24acbc0479e9736141ae1e4850

SHA512
7c937e4f26b9f47f0fe20097e8a646683936a820b6f659476edca255dd9f12dd04fb1f4317eedf9f31a84b379062f2414890914e22dc3b5bac3e50ab2b43e1d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe

Filesize
184KB

MD5
faf56e8d5c7229ae4a81119ba9087a11

SHA1
bea417733c9d261131692a2a86a45f0686676f71

SHA256
b10b111b88db6a31c1370615d7d42cb9dfef5bcc0ecb8773f18438c09543ac63

SHA512
5aa3b470205872cc719e2fc1c0cb9c4f0b96b5512b996791231884a56723b4fbb674abfa71c765b18a1100d293fad8f107a170ba179fe0de15135fba7d4f4a48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13296.exe

Filesize
184KB

MD5
26554d5be068a19fc5d2b1d963a8b96d

SHA1
bda8f685ca069d401cf118618414313a7c9aaa6e

SHA256
96a38d5c741f0e3acd7749b2dba25d79ef28749ba18f3b55b678456bb5ec95a5

SHA512
6678a7b4e6c36af893b69a5318641bc91d959c4f89af8827b6f9ee5a7000f1e15168ae251720630633f998cd772083401cece30485be16f6b154e2fce5cd2ebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14191.exe

Filesize
184KB

MD5
b0b48a20a70dd29350baa874c2cf9737

SHA1
e1d8b02cda97a8dee478898d7b386f1d12841275

SHA256
d4a066d9596e252b839c21fb9e827f61f815ce19b650e3c4723dd13ac668d4a9

SHA512
677e259f574142ce762995413aa8dbb7fe49e09055c8ab8acf8d08ccebbb4ca48c29cdc3c3abc14b32e84056b94df502939c15d93cc7bafd1a02e11c9cf36205

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1599.exe

Filesize
184KB

MD5
0f62c57ff99b0b027cf100138a55db04

SHA1
c7a00dcf34e4c7089a4d44a81146e670a258e9e9

SHA256
9b9c228f43ba7d33fb32d1c589b1610bbd5c2fa0ea0eea9526a783a4bc5795bb

SHA512
ddd38896ec3b97c4ff8b460cc99760041d337265314a60ee0f381c03f81fe45546f1f3978efe7e6da461aad47291dfa19c673c2e55b33967ccf24b674f4887de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17340.exe

Filesize
184KB

MD5
3fb70819a68148e8ff8f596c271c65d0

SHA1
df93b2ab656777d0beea2b7784d3a2c43d016ce2

SHA256
c027e9c1223803375a0ef57d970caac33ff32e85ac8c4f111b96e91b9e1668ee

SHA512
cc5f38cdd2543170d17b4a7aff88d2e4fca7a82618eef4b2545ac97450682499dc60200ff56de2e707bd69712eeb376f01a9395133268f0c064f923c47ca1f06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe

Filesize
184KB

MD5
0b2d2598c4b628ad6244ba05493d524a

SHA1
b6e3d07c3d8de2943cb3b59d99d88805089f6089

SHA256
4fb40ca2006c00e31bceadf3aed87295ced7f9378cefb29b1f0b8e462b5ac02b

SHA512
70ba7895ddef82a94cc38542216f6328307fedc5732cdee9edaa297fcd1537350fd169f805e34d20ebaf21cb05e5a62b38044a0098771e1e28c88ed6a13eb633

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe

Filesize
184KB

MD5
5f8c48d076b95ba89d4cd888f5050fb1

SHA1
9dae5f9172a70e91b4f6624c37c6ffc196a88d66

SHA256
82588c06657b7d1afcf1e5ca7bda11b4989b0ac4abaae31b2c85fbc896b9632f

SHA512
d4df2884283a3839bc2aae6a029427d6984262ecc89ce4b05f69219df156c8d2fcdd5b75c9860176b904a1d4f7800cc40d866053072d1de3f15a40cbd9813f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe

Filesize
184KB

MD5
aa196cae7cd68ea87d6825b672aca0f8

SHA1
6973c9897ad094706f71b11455801a0af3d0a952

SHA256
2cf1db85171844a28908236520bf8f7285081f1e7e50df188c7aad1908011808

SHA512
ab6650afda22fdcc9f6a03806d39e84d373fca9cf4ac7c91a808d3b94a33d7acc29bf74b610ad291aa419daf8a869ea4a1f8c15b76912bdf408d423e2c867364

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25911.exe

Filesize
184KB

MD5
123248cfc68fdf2c0df9e3c5e99b541e

SHA1
8f71268bf6501084ca47ee31b485c3cda07afecc

SHA256
16fc3b4b890160e1e9ca55078ae060babc41343d52e31e05b7ee5a807d7cb3c0

SHA512
8f463a21f112de5bdeb33739aab63e4ed049b624a9e8a1782ab18fd7134f13e2749f402d48273444ebbfe31308e56e1ab1f449e88b81a480d7cdd8f7a690355e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe

Filesize
184KB

MD5
95679ba98f336eb58a919d23392425b8

SHA1
2b11232d0b59041e69c93aa026d968bf3ede758f

SHA256
1258cd3472b99e7ce136b68f90faa059dff07e2d3a8091a3a5bbc650f699f4ad

SHA512
593402cf30e4337debee9e4c09f9e65dfa46fb9e4bb070972b8458602d38e29d0b7b7a6429cae3246f815391844da2a890c6847af7d4da0bec189693f255d3f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe

Filesize
184KB

MD5
09c34aa77f70eeb6c57d3872c9f46597

SHA1
0c5c8b3bd0da8a0b193a6601d47dad8d36476ec0

SHA256
8945f0641d4b5f432a0c0953f4a8b08885b825e928ae7f0e52f2c13d91915dd3

SHA512
b7ffe2f98aabab761956bcf2da170cb32fad84d898a6a091004b470425da0f2f065cea71d62d48110b1a4be453494c8d011117856f54ed4d02627d02c8e1d22c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe

Filesize
184KB

MD5
b841fb257bd4f31967cda25fe3f83a8a

SHA1
71bf8f9bf7e45dc6168c582c0b534e975f167f82

SHA256
8a0adca776906b5708600a11fca1e8a37eb0177fdd42b8aa870e1f1dc998812e

SHA512
6c2fa263771ca54fadaa2bd6a9ceb0411f547a18a283b87bd5e23c7e3b2b8938a5d3daeb9d1aff1e2b6850349d2890cf9c7060174df2de8c67d156aa77a49c1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe

Filesize
184KB

MD5
356a99521b3532b4494e891695141e6f

SHA1
617cdd2e2ecfc9f28ac063713d8aef41f0335155

SHA256
ff5ddf0ea5c7175df21a0efec1a66b2d513ecdb7a7c9eac92af59aa6b5dcb89e

SHA512
28d1ff58b8fdcc712787b9961f898ca7cf2ce27430b7d3438f2b64783630f4a15e0dec41e22142923b93fec35d161279b65844f406f55917e343509a51b73ecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe

Filesize
184KB

MD5
1c01d3410d7e8f525f5901d1ab3ebcb1

SHA1
bb676fcad4df51a2ca3dcc5810cf55a5184bd5d0

SHA256
4a228eb123cd8296cdb43d88a795d1bda6ac5d57c38467e424e1e286fd0d5818

SHA512
833654c75ebc599354fc07628582c317a4f846c1896edd2ce63f59e4b719d2e0599e12ee9ce532d9bce846fa2ad23bf9d70a9ab8ffce5e45de3ed8afed00acc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe

Filesize
184KB

MD5
8903369085425dec504104d1398f051c

SHA1
7461e073d61ba849c1a5744753b0d8897a822186

SHA256
660f689ec081fd89f3caab40f366048f6346e4b1705fc97009f2c99ee4d1bfb4

SHA512
6c092d32acd8322e2e6e7c681ee05342b59f9f384ddf973592f9f60c4ab375bcb915477ae06b8e0843b6e683a80e9759b6f336ae5d7baf95107cee3fbafee1fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe

Filesize
184KB

MD5
45392a3de66242144aa58e1d112dbb7c

SHA1
849619ba30c2e59893bfeb21398f3fa9f1e43341

SHA256
505060637f660091aad03cce262cc9083ce74ca9c0ee4d240ad439940ec90267

SHA512
2309ed7ee008181e94494b9b4d07c8619bbf2fbfda9a207b086b6d3c275fa1d72ee3979bc5d00a7d7452d2c2eed28f04ec387a9c9ad76fad00ba66ec1f772b07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe

Filesize
184KB

MD5
776a8fbd89abf3f3fe43e1dee312a4a6

SHA1
a8fcad6006c0d210bfa592131cebae44f20296c3

SHA256
faa3e1dfa56ea1c4af49b39d341736c59c6c8a6cc71c34f6197abca2e741c0f0

SHA512
c62bce5ddf711aaeebd615673877adcb2bac0f6075787b695474f90501022a061da6c62058dce3e842c28c7ff693b5c7765a244a45eba08df643676fb016ec26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4744.exe

Filesize
184KB

MD5
4f0b862880f09d960899d90f5b26dbbe

SHA1
c359a9218ed5b0277a183ff5f652182b93ff1e94

SHA256
e004aab2b85f339ec537dae165d179960b33d9d77946a3d727e15a357ad431f4

SHA512
f373c41df3a84a1bfb745df0cd9e255975f3f7d29a2ed24b0cc457eee48611ccf322ba499beead5058639921aa5f9b6ec770f20741465cdc20d9b0571f59b195

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48285.exe

Filesize
184KB

MD5
66d76f43676d7721bcdc54c856adec42

SHA1
8a1fcb438eb8a3cda22b5743f076da58faac518e

SHA256
776c196253f280b6565c92d5ffa82191622374586c47d729ed992faad2cc8ac2

SHA512
1d384304fe6aa7c24a606cd37bb1acd594f8d262a8e216866a4f7b4c43ca7f4a73efbf57d23f2dacb425a6a856276d756b44d5974ce6bc2f28fbd64e8327ac64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53753.exe

Filesize
184KB

MD5
284a68f8c8e6d30ce34618f56a38b180

SHA1
3ea0c742e7f1dd96105a6e5277590daccebc3b47

SHA256
ab9c863f2f3a3887d99f0d6872e730d134594f3985505dd0f073d45c4d13dbe5

SHA512
82553e0fccae5c2806f2845b63b1f2a01c564ac8741cd1c5bc8ee887da98a812483c4aa8c7aabe74771b31441b44950124bb89711a8983c029fa43c8ba7f4ace

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe

Filesize
184KB

MD5
7aae0487ad054953c7bb891636af8553

SHA1
9e7ca005987df411e07d2588401427e253ebcaf3

SHA256
00269fc79d1e16172b5ed130263d13bc42aa83c4037eecea3ea4f65da53f5f7f

SHA512
1dddbea660a963006ec2978d451ef9979907e1255108869206e8d6433f5288724fef10dbcf59b51cb57ed400f390043709e31a2fe8e3688c068f825d567c7e70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56456.exe

Filesize
184KB

MD5
7a1017697762090826a0f56a2e490737

SHA1
907b38dd41e138c6d98b9025de6370654bb216f3

SHA256
25764594f9466ebeab67a346f8ceab2356eee41e37a30d334690729842ca1361

SHA512
b238885acd41b6f5c9a897e9e41e9f872a4aa7d951e2c79f7def23c3bfab37e12402ae16b3397e8781d6aca86e0056cf565649d87850c596c0a2a839261b149d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58392.exe

Filesize
184KB

MD5
181aa7c34b6b1b39347af77092d3af05

SHA1
5a8cf98ce42df411c13e066d9d57734f2ef7f1bf

SHA256
52bcb0a14e27d65ef6b4d58a5b9df7cdff780c4bd95553f1dc917b561161a521

SHA512
40380d2621b136645978fd9b2d2be205be2541a246525b9a183c5479c2035ef207bb75f81e1cc0328cecf5d8fc37080a3fca3a15104021455c724afb2caa26a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe

Filesize
184KB

MD5
4589713b88f288501a1a20310488ca50

SHA1
bcb65b5be8b75e72309f05d3555b2a5a949674f3

SHA256
4877a8356eda628bd53d2074d23d0dfc8f45547c94998743dce267324756fffd

SHA512
a144246f9ab144db0ce221f4c479465775a153b85015b8dde9fd36acc938e2529cb7aa22dce545fe9697df6bdd7394e562aece63df76166b2354b39602bdd1ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe

Filesize
184KB

MD5
4d0369a4c0a32b7556c17199c9021cb6

SHA1
c2211bdb491bdf11235f56e772899a076559db9c

SHA256
48be8c71ea54d6c2c9fc258b969babfd225f73cff17f4d770b3845e851ed117e

SHA512
0c2360f0016fa64f33cc2f303a8a5829e789c8559087fdbc29187a84b1224e9f1e48818cb36442ebf660358ad5724df442d67edd64658290b7b467fc64ae06cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6383.exe

Filesize
184KB

MD5
46a5633ce5577d759cd25d381922181d

SHA1
c54293f103f91f920afeca76067f4132d713d5f7

SHA256
b353535a5666750334c9020be9184be16cd54ba76a51c2a10780b3d95a7c97e5

SHA512
3452cff82d912bc987bbf97f25ecb7dcafbd66ffab42a72ab0f48abf487367ac958bbf7c6e86a0a06c1e1e4cc9f692df9bd8c2cb435a1873a0f8158a9c3ce8f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe

Filesize
184KB

MD5
2fde5a3f52079f9ac5476342a4cf2914

SHA1
8a71df0679d75fca27810e6284fae4535ca44de0

SHA256
9112ea9b2244965c1e9086dad291af1fee6ac50cbbde0e764195c2e4cb5073df

SHA512
7a041dea0e38c4f75438dca883ee61b1a642cdeafe462eda4d3fa72786a79678c91c48070d7dd91f1d5d47d234e4580c7e1ceb4cefd103ec0ae3be5256092328

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe

Filesize
184KB

MD5
0324cba292371adca91ca47b7cb66d8e

SHA1
f8b0f058172a3ea7ea558b290dc9d5d7b4be602d

SHA256
f34318eb5f7f9879e2262cd06156a07d3f66f6d16a8afa378f1ac12d507f8d73

SHA512
b40b3618c80b047a090e83a2edf77855aa169974b6356468499b47655ec213f4e2e3235d6df43c83b280ef125c1f762cde75fbcde68ba3ad0fddf0e3df8ddcf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65001.exe

Filesize
184KB

MD5
33eb5e603a43a48cbe93fa09b84b81f4

SHA1
dab57404e75ff64c748c524e69417787676fcb29

SHA256
352bbe45c0ecf56aab55ef7a2dcaca8a3e8e9fc100e1d9661a62ba9d63bb3531

SHA512
6759c5a926ef6489e66c49c007fa87864dc1ff4d817bb72aa516e2c189ef384cbcf5623e0178938262218b530cd41522dacaeb6f3b0da166788d3a42d1e8c7c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9663.exe

Filesize
184KB

MD5
db4a021f6669efe02309dd6aeecbaf1b

SHA1
0082270048132746673921f66da39150b7e6704a

SHA256
02b556af4796180611c3b6a7bb50db30200e33181ba8da2df7d7f4bb6bbf1af2

SHA512
cc2cca7a75254ed0b37279e658a4fbb30e4b272f0c087a3c0f717394752b77c24302f5118dd2279e03d0077f41f8dc75bdca5ea12b6db6ffba75b5c509bed7be

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads