e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 07:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe
Size

184KB
MD5

b880267dc60745f9a72b9e49b8769d30
SHA1

f800e668245a618dddb77cea767cc88969628079
SHA256

e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d
SHA512

18da4213ffd5db1a16d71dc5b63c1881c585d948d3f4f948f1f12606ca294022229aaf78144d617aba53672ac4c81ef853ac25b1612115572418b1c35bc13425
SSDEEP

3072:lzTSE7o7Nj4xNrDZW5Xh8sxzw1vnqnxiuA:lzFoaPrDk8gzw1Pqnxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4908	Unicorn-48363.exe
960	Unicorn-39339.exe
4348	Unicorn-3137.exe
3592	Unicorn-32043.exe
1516	Unicorn-61378.exe
3168	Unicorn-65099.exe
2748	Unicorn-26104.exe
1844	Unicorn-10138.exe
4588	Unicorn-15161.exe
1044	Unicorn-51555.exe
64	Unicorn-59723.exe
4352	Unicorn-43122.exe
3792	Unicorn-37257.exe
1556	Unicorn-6033.exe
4700	Unicorn-46843.exe
3540	Unicorn-59650.exe
4504	Unicorn-39059.exe
3476	Unicorn-24568.exe
3336	Unicorn-3802.exe
2884	Unicorn-8825.exe
3284	Unicorn-28691.exe
1548	Unicorn-11400.exe
4920	Unicorn-465.exe
3048	Unicorn-20065.exe
372	Unicorn-53387.exe
2084	Unicorn-6224.exe
4436	Unicorn-6490.exe
4760	Unicorn-11513.exe
3348	Unicorn-6682.exe
2564	Unicorn-10448.exe
4256	Unicorn-21601.exe
1312	Unicorn-21601.exe
3620	Unicorn-8026.exe
4704	Unicorn-32650.exe
3876	Unicorn-32915.exe
1620	Unicorn-53890.exe
996	Unicorn-30715.exe
4732	Unicorn-57257.exe
1136	Unicorn-47243.exe
2692	Unicorn-6210.exe
676	Unicorn-49281.exe
2676	Unicorn-27569.exe
4248	Unicorn-31099.exe
2404	Unicorn-14570.exe
4640	Unicorn-38305.exe
3564	Unicorn-46091.exe
2672	Unicorn-26225.exe
1936	Unicorn-50730.exe
720	Unicorn-5058.exe
944	Unicorn-53994.exe
4228	Unicorn-53497.exe
60	Unicorn-17643.exe
1152	Unicorn-29297.exe
2808	Unicorn-8130.exe
4088	Unicorn-59369.exe
3432	Unicorn-16491.exe
3292	Unicorn-29681.exe
2260	Unicorn-49547.exe
2480	Unicorn-8249.exe
384	Unicorn-16683.exe
2812	Unicorn-49739.exe
872	Unicorn-43609.exe
3076	Unicorn-2576.exe
2220	Unicorn-26195.exe

Program crash 12 IoCs

pid	pid_target	Process	procid_target
3352	3168	WerFault.exe	91
4980	2084	WerFault.exe	114
12876	7488	WerFault.exe	311
15488	6868	WerFault.exe	275
17684	7500	WerFault.exe	312
14824	7216	Process not Found	1063
14812	5664	Process not Found	1012
3084	17576	Process not Found	1174
15572	12568	Process not Found	1191
4052	12196	Process not Found	1184
5024	12128	Process not Found	1239
15580	6732	Process not Found	1233

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
18144	svchost.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	18396	dwm.exe
Token: SeChangeNotifyPrivilege	18396	dwm.exe
Token: 33	18396	dwm.exe
Token: SeIncBasePriorityPrivilege	18396	dwm.exe
Token: SeCreateGlobalPrivilege	3988	Process not Found
Token: SeChangeNotifyPrivilege	3988	Process not Found
Token: 33	3988	Process not Found
Token: SeIncBasePriorityPrivilege	3988	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2184	e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe
4908	Unicorn-48363.exe
960	Unicorn-39339.exe
4348	Unicorn-3137.exe
3592	Unicorn-32043.exe
1516	Unicorn-61378.exe
3168	Unicorn-65099.exe
2748	Unicorn-26104.exe
1844	Unicorn-10138.exe
4588	Unicorn-15161.exe
1044	Unicorn-51555.exe
4352	Unicorn-43122.exe
3792	Unicorn-37257.exe
64	Unicorn-59723.exe
1556	Unicorn-6033.exe
4700	Unicorn-46843.exe
3540	Unicorn-59650.exe
4504	Unicorn-39059.exe
3476	Unicorn-24568.exe
3336	Unicorn-3802.exe
2884	Unicorn-8825.exe
4920	Unicorn-465.exe
3284	Unicorn-28691.exe
1548	Unicorn-11400.exe
3048	Unicorn-20065.exe
372	Unicorn-53387.exe
2084	Unicorn-6224.exe
4436	Unicorn-6490.exe
4760	Unicorn-11513.exe
3348	Unicorn-6682.exe
2564	Unicorn-10448.exe
1312	Unicorn-21601.exe
4256	Unicorn-21601.exe
3620	Unicorn-8026.exe
4704	Unicorn-32650.exe
3876	Unicorn-32915.exe
1620	Unicorn-53890.exe
996	Unicorn-30715.exe
4732	Unicorn-57257.exe
2692	Unicorn-6210.exe
1136	Unicorn-47243.exe
676	Unicorn-49281.exe
2676	Unicorn-27569.exe
2404	Unicorn-14570.exe
4248	Unicorn-31099.exe
720	Unicorn-5058.exe
4640	Unicorn-38305.exe
3564	Unicorn-46091.exe
4228	Unicorn-53497.exe
1936	Unicorn-50730.exe
2672	Unicorn-26225.exe
944	Unicorn-53994.exe
60	Unicorn-17643.exe
1152	Unicorn-29297.exe
2808	Unicorn-8130.exe
4088	Unicorn-59369.exe
3432	Unicorn-16491.exe
384	Unicorn-16683.exe
3292	Unicorn-29681.exe
2480	Unicorn-8249.exe
2260	Unicorn-49547.exe
2812	Unicorn-49739.exe
3076	Unicorn-2576.exe
872	Unicorn-43609.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 4908	2184	e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe	86
PID 2184 wrote to memory of 4908	2184	e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe	86
PID 2184 wrote to memory of 4908	2184	e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe	86
PID 4908 wrote to memory of 960	4908	Unicorn-48363.exe	87
PID 4908 wrote to memory of 960	4908	Unicorn-48363.exe	87
PID 4908 wrote to memory of 960	4908	Unicorn-48363.exe	87
PID 2184 wrote to memory of 4348	2184	e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe	88
PID 2184 wrote to memory of 4348	2184	e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe	88
PID 2184 wrote to memory of 4348	2184	e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe	88
PID 960 wrote to memory of 3592	960	Unicorn-39339.exe	89
PID 960 wrote to memory of 3592	960	Unicorn-39339.exe	89
PID 960 wrote to memory of 3592	960	Unicorn-39339.exe	89
PID 4908 wrote to memory of 1516	4908	Unicorn-48363.exe	90
PID 4908 wrote to memory of 1516	4908	Unicorn-48363.exe	90
PID 4908 wrote to memory of 1516	4908	Unicorn-48363.exe	90
PID 4348 wrote to memory of 3168	4348	Unicorn-3137.exe	91
PID 4348 wrote to memory of 3168	4348	Unicorn-3137.exe	91
PID 4348 wrote to memory of 3168	4348	Unicorn-3137.exe	91
PID 2184 wrote to memory of 2748	2184	e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe	92
PID 2184 wrote to memory of 2748	2184	e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe	92
PID 2184 wrote to memory of 2748	2184	e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe	92
PID 3592 wrote to memory of 1844	3592	Unicorn-32043.exe	96
PID 3592 wrote to memory of 1844	3592	Unicorn-32043.exe	96
PID 3592 wrote to memory of 1844	3592	Unicorn-32043.exe	96
PID 960 wrote to memory of 4588	960	Unicorn-39339.exe	97
PID 960 wrote to memory of 4588	960	Unicorn-39339.exe	97
PID 960 wrote to memory of 4588	960	Unicorn-39339.exe	97
PID 1516 wrote to memory of 1044	1516	Unicorn-61378.exe	98
PID 1516 wrote to memory of 1044	1516	Unicorn-61378.exe	98
PID 1516 wrote to memory of 1044	1516	Unicorn-61378.exe	98
PID 2748 wrote to memory of 64	2748	Unicorn-26104.exe	99
PID 2748 wrote to memory of 64	2748	Unicorn-26104.exe	99
PID 2748 wrote to memory of 64	2748	Unicorn-26104.exe	99
PID 2184 wrote to memory of 4352	2184	e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe	100
PID 2184 wrote to memory of 4352	2184	e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe	100
PID 2184 wrote to memory of 4352	2184	e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe	100
PID 4908 wrote to memory of 3792	4908	Unicorn-48363.exe	101
PID 4908 wrote to memory of 3792	4908	Unicorn-48363.exe	101
PID 4908 wrote to memory of 3792	4908	Unicorn-48363.exe	101
PID 4348 wrote to memory of 1556	4348	Unicorn-3137.exe	102
PID 4348 wrote to memory of 1556	4348	Unicorn-3137.exe	102
PID 4348 wrote to memory of 1556	4348	Unicorn-3137.exe	102
PID 1844 wrote to memory of 4700	1844	Unicorn-10138.exe	103
PID 1844 wrote to memory of 4700	1844	Unicorn-10138.exe	103
PID 1844 wrote to memory of 4700	1844	Unicorn-10138.exe	103
PID 3592 wrote to memory of 3540	3592	Unicorn-32043.exe	104
PID 3592 wrote to memory of 3540	3592	Unicorn-32043.exe	104
PID 3592 wrote to memory of 3540	3592	Unicorn-32043.exe	104
PID 4588 wrote to memory of 4504	4588	Unicorn-15161.exe	105
PID 4588 wrote to memory of 4504	4588	Unicorn-15161.exe	105
PID 4588 wrote to memory of 4504	4588	Unicorn-15161.exe	105
PID 960 wrote to memory of 3476	960	Unicorn-39339.exe	106
PID 960 wrote to memory of 3476	960	Unicorn-39339.exe	106
PID 960 wrote to memory of 3476	960	Unicorn-39339.exe	106
PID 1044 wrote to memory of 3336	1044	Unicorn-51555.exe	107
PID 1044 wrote to memory of 3336	1044	Unicorn-51555.exe	107
PID 1044 wrote to memory of 3336	1044	Unicorn-51555.exe	107
PID 1516 wrote to memory of 2884	1516	Unicorn-61378.exe	108
PID 1516 wrote to memory of 2884	1516	Unicorn-61378.exe	108
PID 1516 wrote to memory of 2884	1516	Unicorn-61378.exe	108
PID 4352 wrote to memory of 3284	4352	Unicorn-43122.exe	109
PID 4352 wrote to memory of 3284	4352	Unicorn-43122.exe	109
PID 4352 wrote to memory of 3284	4352	Unicorn-43122.exe	109
PID 2184 wrote to memory of 1548	2184	e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe	110

C:\Users\Admin\AppData\Local\Temp\e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe
"C:\Users\Admin\AppData\Local\Temp\e73751bd21d6607f1fa6332152d0acb048c12baf57fbab64e567465d3605ff1d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32043.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9098.exe
        9⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        10⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        11⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55506.exe
        11⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        11⤵
        
        PID:17908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60793.exe
        11⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        10⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
        10⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        10⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        10⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
        9⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61811.exe
        10⤵
        
        PID:12940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14297.exe
        10⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31704.exe
        10⤵
        
        PID:18404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        10⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7520.exe
        9⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12345.exe
        9⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
        9⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1921.exe
        9⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        9⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37115.exe
        10⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6320.exe
        10⤵
        
        PID:16468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48593.exe
        10⤵
        
        PID:18284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        9⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        9⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        9⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        9⤵
        
        PID:17900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        9⤵
        
        PID:15948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35361.exe
        8⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
        8⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
        8⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59818.exe
        8⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53259.exe
        8⤵
        
        PID:17744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3234.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
        9⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
        10⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
        10⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63121.exe
        10⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        10⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        9⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11192.exe
        9⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        9⤵
        
        PID:15604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
        9⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
        8⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        8⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        8⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36856.exe
        8⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25466.exe
        8⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29776.exe
        7⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57635.exe
        8⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
        8⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe
        8⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
        8⤵
        
        PID:15912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51961.exe
        8⤵
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
        7⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29905.exe
        7⤵
        
        PID:13104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        7⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        7⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8130.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
        8⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22083.exe
        9⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
        10⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60178.exe
        9⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe
        9⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26778.exe
        9⤵
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
        8⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        8⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        8⤵
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
        8⤵
        
        PID:16164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
        8⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe
        8⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55922.exe
        7⤵
        
        PID:100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
        8⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exe
        9⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
        9⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        9⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        9⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49426.exe
        8⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        8⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        8⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58593.exe
        8⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        8⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2112.exe
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        8⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15113.exe
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
        7⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        7⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe
        7⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe
        7⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25643.exe
        8⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        9⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1609.exe
        9⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42153.exe
        9⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50874.exe
        8⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        8⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        8⤵
        
        PID:16972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        8⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        7⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30618.exe
        7⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
        7⤵
        
        PID:15492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18345.exe
        6⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        8⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
        8⤵
        
        PID:16848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51088.exe
        8⤵
        
        PID:18000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21169.exe
        7⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
        7⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        7⤵
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exe
        6⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34968.exe
        6⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
        6⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16491.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64755.exe
        9⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        9⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
        9⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        9⤵
        
        PID:16532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12705.exe
        8⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        8⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        8⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
        8⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        7⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        9⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        9⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47545.exe
        9⤵
        
        PID:16872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23897.exe
        9⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        8⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55097.exe
        8⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
        8⤵
        
        PID:17056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        7⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe
        8⤵
        
        PID:18012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        8⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
        7⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54417.exe
        7⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20321.exe
        7⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29681.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12554.exe
        7⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        8⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
        9⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
        9⤵
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55529.exe
        9⤵
        
        PID:17568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
        8⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        8⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        8⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15761.exe
        8⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51714.exe
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
        7⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13409.exe
        7⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29648.exe
        7⤵
        
        PID:16116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
        7⤵
        
        PID:17676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55817.exe
        6⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        7⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        7⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe
        7⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48258.exe
        6⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8944.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50658.exe
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15762.exe
        6⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3376.exe
        6⤵
        
        PID:18108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        8⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58819.exe
        9⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        9⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
        9⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        8⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        8⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        7⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19056.exe
        7⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38210.exe
        7⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14184.exe
        7⤵
        
        PID:16952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
        6⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        7⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17603.exe
        8⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        8⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe
        8⤵
        
        PID:17600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        7⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        7⤵
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
        7⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
        6⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
        6⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        6⤵
        
        PID:16820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        6⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12746.exe
        6⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        7⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
        7⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
        7⤵
        
        PID:16104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
        7⤵
        
        PID:18312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51714.exe
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25763.exe
        7⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        7⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        7⤵
        
        PID:16896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2424.exe
        6⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38008.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        6⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        6⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 632
        7⤵
        Program crash
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        6⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
        6⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        5⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        5⤵
        
        PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe
        5⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        5⤵
        
        PID:16236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18523.exe
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe
        9⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18777.exe
        9⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
        9⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        9⤵
        
        PID:16492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        9⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
        8⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        8⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        8⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
        8⤵
        
        PID:17264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        8⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8169.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
        8⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
        8⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        8⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        8⤵
        
        PID:17040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        8⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44697.exe
        7⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
        7⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
        7⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
        7⤵
        
        PID:16720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        7⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 716
        8⤵
        Program crash
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
        7⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        7⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39728.exe
        7⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15777.exe
        6⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30864.exe
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31737.exe
        6⤵
        
        PID:14100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
        6⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8330.exe
        6⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44195.exe
        8⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        8⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        8⤵
        
        PID:14876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        7⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
        7⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        7⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        7⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe
        7⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5152.exe
        7⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        7⤵
        
        PID:17956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        7⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49434.exe
        6⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1864.exe
        6⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        6⤵
        
        PID:17748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42273.exe
        5⤵
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36587.exe
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24491.exe
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50874.exe
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        7⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        7⤵
        
        PID:16964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
        7⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
        6⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe
        7⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
        7⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54761.exe
        7⤵
        
        PID:17880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        7⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6488.exe
        6⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        6⤵
        
        PID:18120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10665.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25763.exe
        6⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        6⤵
        
        PID:16888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        6⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        5⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18561.exe
        5⤵
        
        PID:11660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
        5⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        5⤵
        
        PID:17828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24568.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
        6⤵
        Executes dropped EXE
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
        8⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
        9⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe
        9⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
        9⤵
        
        PID:17380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        8⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17440.exe
        8⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        8⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13089.exe
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2912.exe
        7⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16097.exe
        7⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        7⤵
        
        PID:17208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
        7⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
        7⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        7⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41473.exe
        7⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54858.exe
        7⤵
        
        PID:16832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25703.exe
        7⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52673.exe
        6⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
        6⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25785.exe
        6⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
        6⤵
        
        PID:17816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        6⤵
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
        5⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10354.exe
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55283.exe
        8⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
        8⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50874.exe
        7⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        7⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        7⤵
        
        PID:16860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        7⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
        6⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe
        6⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
        6⤵
        
        PID:14448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        6⤵
        
        PID:17388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe
        5⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        6⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        6⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43393.exe
        6⤵
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        6⤵
        
        PID:680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        5⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe
        5⤵
        
        PID:10764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16081.exe
        5⤵
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
        5⤵
        
        PID:17420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22083.exe
        6⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        6⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11192.exe
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        6⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
        6⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe
        6⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8432.exe
        6⤵
        
        PID:17316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9288.exe
        6⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3488.exe
        5⤵
        
        PID:12740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        5⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4930.exe
        5⤵
        
        PID:17732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31127.exe
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
      4⤵
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3338.exe
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36362.exe
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        6⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
        6⤵
        
        PID:18408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
        6⤵
        
        PID:17952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
        5⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
        5⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
        5⤵
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        5⤵
        
        PID:16584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
        5⤵
        
        PID:8672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        5⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        5⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        5⤵
        
        PID:17412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16962.exe
      4⤵
      PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
      4⤵
      PID:9968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
      4⤵
      PID:14424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe
      4⤵
      PID:16984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61378.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6210.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23707.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        9⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        9⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
        9⤵
        
        PID:17328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26545.exe
        8⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        8⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        8⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        8⤵
        
        PID:18000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42186.exe
        8⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21625.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        7⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
        7⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        7⤵
        
        PID:17676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52658.exe
        7⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24683.exe
        7⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50874.exe
        7⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
        7⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        7⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7255.exe
        7⤵
        
        PID:18324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
        6⤵
        
        PID:14576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46723.exe
        6⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        6⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22867.exe
        8⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55210.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        8⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
        8⤵
        
        PID:18228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2672.exe
        8⤵
        
        PID:18032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe
        8⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        7⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        7⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        7⤵
        
        PID:18420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43441.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1889.exe
        7⤵
        
        PID:13504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        7⤵
        
        PID:1112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16736.exe
        6⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
        6⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        6⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26128.exe
        5⤵
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
        7⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe
        7⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
        7⤵
        
        PID:16868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11192.exe
        6⤵
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        6⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        6⤵
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        5⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28267.exe
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
        6⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43329.exe
        6⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63433.exe
        5⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
        5⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        5⤵
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
        5⤵
        
        PID:16572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33027.exe
        6⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52539.exe
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
        8⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        8⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        8⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64650.exe
        8⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54890.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
        7⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        7⤵
        
        PID:17352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
        7⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
        7⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
        7⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        7⤵
        
        PID:17896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31944.exe
        7⤵
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
        6⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23762.exe
        6⤵
        
        PID:17852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61402.exe
        5⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        6⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7514.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        7⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe
        7⤵
        
        PID:17608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
        6⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        6⤵
        
        PID:15352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        6⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        5⤵
        
        PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
        5⤵
        
        PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3488.exe
        5⤵
        
        PID:12812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe
        5⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47463.exe
        5⤵
        
        PID:7340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        5⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44371.exe
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        7⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
        7⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        7⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe
        7⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25888.exe
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        6⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        6⤵
        
        PID:17436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2344.exe
        6⤵
        
        PID:17560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21715.exe
        6⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        6⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5152.exe
        6⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        6⤵
        
        PID:17876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48088.exe
        6⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55937.exe
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
        5⤵
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        5⤵
        
        PID:15064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
        5⤵
        
        PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31802.exe
      4⤵
      PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63731.exe
        6⤵
        
        PID:13288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8625.exe
        6⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
        6⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
        6⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63082.exe
        5⤵
        
        PID:12936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36856.exe
        5⤵
        
        PID:16292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
        5⤵
        
        PID:576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
      4⤵
      PID:6908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59970.exe
      4⤵
      PID:9168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28715.exe
      4⤵
      PID:12840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
      4⤵
      PID:16216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
      4⤵
      PID:1712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37257.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
        7⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2529.exe
        7⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        7⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
        7⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52153.exe
        7⤵
        
        PID:18268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17144.exe
        7⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        6⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        6⤵
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39450.exe
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        6⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        6⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 612
        7⤵
        Program crash
        
        PID:17684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        6⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
        6⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        6⤵
        
        PID:16652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        6⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        5⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
        5⤵
        
        PID:10572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5424.exe
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        5⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59098.exe
        5⤵
        
        PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
        6⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        6⤵
        
        PID:9948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58089.exe
        6⤵
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        6⤵
        
        PID:16564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
        6⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12705.exe
        5⤵
        
        PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
        5⤵
        
        PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
      4⤵
      PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
        5⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        5⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7255.exe
        5⤵
        
        PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
      4⤵
      PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
      4⤵
      PID:9868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54947.exe
      4⤵
      PID:12820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
      4⤵
      PID:16240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7089.exe
      4⤵
      PID:18332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20065.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
        5⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62034.exe
        7⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        7⤵
        
        PID:17220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50513.exe
        7⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
        6⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        6⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        6⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        6⤵
        
        PID:17932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
        6⤵
        
        PID:232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37961.exe
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52507.exe
        6⤵
        
        PID:15564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        6⤵
        
        PID:16268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        5⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        5⤵
        
        PID:12852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
        5⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29435.exe
        5⤵
        
        PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
      4⤵
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61314.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        6⤵
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        6⤵
        
        PID:13624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        6⤵
        
        PID:16632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37426.exe
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe
        5⤵
        
        PID:16048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27287.exe
        5⤵
        
        PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        5⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6888.exe
        5⤵
        
        PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
      4⤵
      PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
      4⤵
      PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
      4⤵
      PID:15156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37968.exe
      4⤵
      PID:18148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63177.exe
      4⤵
      PID:5544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53497.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
      4⤵
      PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
        6⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        6⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56456.exe
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
        5⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        5⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        5⤵
        
        PID:15096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        5⤵
        
        PID:17796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        5⤵
        
        PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
      4⤵
      PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
      4⤵
      PID:9960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe
      4⤵
      PID:13432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe
      4⤵
      PID:16624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39657.exe
    3⤵
    PID:744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15683.exe
        5⤵
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        5⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe
        5⤵
        
        PID:17588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
      4⤵
      PID:7508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
      4⤵
      PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
      4⤵
      PID:624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
      4⤵
      PID:17860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57595.exe
    3⤵
    PID:7000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6496.exe
    3⤵
    PID:3104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
    3⤵
    PID:12752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
    3⤵
    PID:16280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-144.exe
    3⤵
    PID:8008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3168
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 492
      4⤵
      Program crash
      PID:3352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53387.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46091.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65123.exe
        6⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        7⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48539.exe
        8⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
        8⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39569.exe
        8⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        8⤵
        
        PID:17812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        7⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5136.exe
        7⤵
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18329.exe
        7⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49624.exe
        7⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
        6⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64505.exe
        6⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55097.exe
        6⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        6⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46986.exe
        5⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
        7⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50153.exe
        7⤵
        
        PID:17760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        6⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11192.exe
        6⤵
        
        PID:12028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        6⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
        6⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe
        5⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9810.exe
        6⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        6⤵
        
        PID:14624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
        6⤵
        
        PID:17032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11784.exe
        6⤵
        
        PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
        5⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        5⤵
        
        PID:13052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
        5⤵
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31272.exe
        5⤵
        
        PID:15464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50730.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65123.exe
        5⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
        6⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        7⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
        7⤵
        
        PID:14556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
        7⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        6⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55097.exe
        6⤵
        
        PID:13720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        6⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46514.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27883.exe
        6⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        6⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
        6⤵
        
        PID:18132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56721.exe
        5⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35512.exe
        5⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        5⤵
        
        PID:17924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe
        5⤵
        
        PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
      4⤵
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44354.exe
        6⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
        6⤵
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
        6⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7521.exe
        5⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        5⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        5⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48697.exe
        5⤵
        
        PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53530.exe
      4⤵
      PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
        5⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
        5⤵
        
        PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55529.exe
        5⤵
        
        PID:17660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
        5⤵
        
        PID:7520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
      4⤵
      PID:8536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49609.exe
      4⤵
      PID:11700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
      4⤵
      PID:15748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe
      4⤵
      PID:5684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2084
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 632
      4⤵
      Program crash
      PID:4980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53994.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
      4⤵
      PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
        5⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38731.exe
        6⤵
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38313.exe
        6⤵
        
        PID:15924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        6⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7521.exe
        5⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        5⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        5⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        5⤵
        
        PID:17768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
      4⤵
      PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21715.exe
        5⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        5⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        5⤵
        
        PID:17984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
      4⤵
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25994.exe
      4⤵
      PID:12312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26280.exe
      4⤵
      PID:15616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
      4⤵
      PID:18180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60826.exe
      4⤵
      PID:7360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe
    3⤵
    PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56219.exe
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
        5⤵
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        5⤵
        
        PID:15836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49824.exe
        5⤵
        
        PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
      4⤵
      PID:7312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
      4⤵
      PID:11396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
      4⤵
      PID:15168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
      4⤵
      PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42378.exe
      4⤵
      PID:7292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15833.exe
    3⤵
    PID:6884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
    3⤵
    PID:7856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7184.exe
    3⤵
    PID:12904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64434.exe
    3⤵
    PID:15632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
    3⤵
    PID:5536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
    3⤵
    PID:5652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:64
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37059.exe
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
        7⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39321.exe
        7⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4640.exe
        7⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
        7⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        7⤵
        
        PID:16784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7440.exe
        7⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36633.exe
        6⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64826.exe
        6⤵
        
        PID:18060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        6⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32161.exe
        6⤵
        
        PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24922.exe
        5⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        5⤵
        
        PID:14152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55018.exe
        5⤵
        
        PID:16540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2576.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43515.exe
        6⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3977.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49729.exe
        6⤵
        
        PID:13784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61962.exe
        6⤵
        
        PID:16956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8791.exe
        6⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28657.exe
        5⤵
        
        PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27032.exe
        5⤵
        
        PID:10852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
        5⤵
        
        PID:13508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
        5⤵
        
        PID:16740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
        5⤵
        
        PID:15468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
      4⤵
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29499.exe
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-233.exe
        5⤵
        
        PID:12156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe
        5⤵
        
        PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
        5⤵
        
        PID:17572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe
        5⤵
        
        PID:8764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
      4⤵
      PID:7328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
      4⤵
      PID:10924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe
      4⤵
      PID:14144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50552.exe
      4⤵
      PID:17080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
        5⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11698.exe
        6⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21715.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        7⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        7⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        7⤵
        
        PID:17988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
        7⤵
        
        PID:17764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        6⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
        6⤵
        
        PID:10848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        6⤵
        
        PID:14976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        6⤵
        
        PID:17428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56258.exe
        6⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
        6⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        6⤵
        
        PID:18096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
        5⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2537.exe
        5⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1288.exe
        5⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-441.exe
        5⤵
        
        PID:17864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46026.exe
      4⤵
      PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10354.exe
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
        6⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        6⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        6⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
        5⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
        5⤵
        
        PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23400.exe
        5⤵
        
        PID:15172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        5⤵
        
        PID:18192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
      4⤵
      PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        5⤵
        
        PID:14884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe
        5⤵
        
        PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1745.exe
      4⤵
      PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32216.exe
      4⤵
      PID:10820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7721.exe
      4⤵
      PID:14952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27479.exe
      4⤵
      PID:5724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
      4⤵
      PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32083.exe
        5⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        5⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
        5⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        5⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        5⤵
        
        PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33928.exe
      4⤵
      PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
      4⤵
      PID:10160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
      4⤵
      PID:13524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4665.exe
      4⤵
      PID:16792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe
      4⤵
      PID:852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-89.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-89.exe
    3⤵
    PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        5⤵
        
        PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        5⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        5⤵
        
        PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
        5⤵
        
        PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
      4⤵
      PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
      4⤵
      PID:11636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9953.exe
      4⤵
      PID:14040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41481.exe
      4⤵
      PID:17844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
    3⤵
    PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
      4⤵
      PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36362.exe
      4⤵
      PID:12136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
      4⤵
      PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23993.exe
      4⤵
      PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19601.exe
      4⤵
      PID:11864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
    3⤵
    PID:7672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
    3⤵
    PID:11228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34968.exe
    3⤵
    PID:14476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
    3⤵
    PID:4836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        5⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
        7⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        7⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
        7⤵
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe
        7⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        6⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
        6⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
        6⤵
        
        PID:15432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        6⤵
        
        PID:17916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        6⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29793.exe
        5⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        5⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20705.exe
        5⤵
        
        PID:13120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10816.exe
        5⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36193.exe
        5⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
        5⤵
        
        PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
      4⤵
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        6⤵
        
        PID:13768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        6⤵
        
        PID:16800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
        5⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        5⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        5⤵
        
        PID:17824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43337.exe
      4⤵
      PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
        5⤵
        
        PID:10448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        5⤵
        
        PID:13832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        5⤵
        
        PID:15556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
        5⤵
        
        PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
      4⤵
      PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
      4⤵
      PID:13040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
      4⤵
      PID:16188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
      4⤵
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3442.exe
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26099.exe
        6⤵
        
        PID:18316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        6⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
        5⤵
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
        5⤵
        
        PID:15496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        5⤵
        
        PID:18020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        5⤵
        
        PID:6348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe
      4⤵
      PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19834.exe
        5⤵
        
        PID:17724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
      4⤵
      PID:9836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55097.exe
      4⤵
      PID:13700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
      4⤵
      PID:16992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
      4⤵
      PID:6148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe
    3⤵
    PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21715.exe
      4⤵
      PID:9172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
      4⤵
      PID:11712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
      4⤵
      PID:15404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
      4⤵
      PID:17784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16432.exe
    3⤵
    PID:7744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26337.exe
    3⤵
    PID:11236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
    3⤵
    PID:14496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
    3⤵
    PID:2640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8449.exe
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
        5⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        5⤵
        
        PID:10784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        5⤵
        
        PID:15040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        5⤵
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
      4⤵
      PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
      4⤵
      PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
      4⤵
      PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
      4⤵
      PID:16728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50162.exe
      4⤵
      PID:16308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30736.exe
    3⤵
    PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
      4⤵
      PID:9512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41649.exe
      4⤵
      PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
      4⤵
      PID:15892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
      4⤵
      PID:18000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47704.exe
      4⤵
      PID:17932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8377.exe
    3⤵
    PID:7636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
    3⤵
    PID:11248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
    3⤵
    PID:14508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46723.exe
    3⤵
    PID:14668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38305.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38305.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48787.exe
    3⤵
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
      4⤵
      PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17211.exe
        5⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62034.exe
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        5⤵
        
        PID:17228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        5⤵
        
        PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
      4⤵
      PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
      4⤵
      PID:11968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
      4⤵
      PID:15440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
      4⤵
      PID:17888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
      4⤵
      PID:16340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52185.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52185.exe
    3⤵
    PID:7780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
    3⤵
    PID:9500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6088.exe
    3⤵
    PID:12724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
    3⤵
    PID:16508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
    3⤵
    PID:4568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15690.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15690.exe
  2⤵
  PID:2072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
    3⤵
    PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23075.exe
      4⤵
      PID:9792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe
      4⤵
      PID:13980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
      4⤵
      PID:16580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
    3⤵
    PID:1628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
    3⤵
    PID:11676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
    3⤵
    PID:15476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
    3⤵
    PID:17808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
  2⤵
  PID:6340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
    3⤵
    PID:14300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
    3⤵
    PID:16788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
  2⤵
  PID:9820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32281.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32281.exe
  2⤵
  PID:12832
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
  2⤵
  PID:16212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3168 -ip 3168
1⤵
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2084 -ip 2084
1⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 7488 -ip 7488
1⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6868 -ip 6868
1⤵
PID:14536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 7500 -ip 7500
1⤵
PID:17560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 16116 -ip 16116
1⤵
PID:18324

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:18144

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:18396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe

Filesize
184KB

MD5
e90dcf23dd628ae73cc9d54394694032

SHA1
acc8480a90fe035532f66a469054c103534d9df7

SHA256
fbe7d27a2d99716eb428cf77849d41a082f768389b5d7452e41970e91367f00a

SHA512
9ddfe8433bf9c886725e09416f9789451266f0b60fc7409c4e9a1f2442188e6ab8f6940d546f1e724b97e3bcafb4ebff606d930213f24e6860fa483fc07e3376

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe

Filesize
184KB

MD5
fd19c357567b46d8afd1f8d02bb0b37e

SHA1
1d0a8618ee394f11f1d3b9c1d7a577ace5700425

SHA256
e468dfcd3117388f075eb36c13b4b063b1f48e383afc50851f320b15e2fbd68a

SHA512
0cae31794a16d851878a260d0dad8fead35b0f10a8f8556acd131fac4e37910ee7d98bfc74f149d1e6d945816148d7a180d944e54ddcd67adf379329089340db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe

Filesize
184KB

MD5
cd3faebbb273cc228ab1552f38d0aadb

SHA1
f5096431a45209f7264afe022a598979e0a1e632

SHA256
b1245c1aa9dd0c650863856895d94e29a3f38251f14875e7bce2a6a968fec13d

SHA512
641ce4d19f4e356a5b4df7a70493569403357bb7c0196a4c1e962fee9774a4682ea95446a7890c094b63068e781775c4896b7b18b8a9d38bec7776b568804361

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe

Filesize
184KB

MD5
c4bada3eafdb28934708f68757c051c4

SHA1
540215defdd63e92c7bb5bbef24cee41fb9244c9

SHA256
c7d67cdb6a9faa43662e1cda06afc19889a6fa91f69ad46d5153277ce63cd945

SHA512
7cdbefc79dcf5aaa4ca57c6b8184ca07655c4b8bb9ca3859a92ff6789308e27ad62cf0c88a78c68d2a2834701ee514f80413a839795f63c827d2fef9a0c5d2db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe

Filesize
184KB

MD5
5c6f478ac19c24b29d001af2e7639b91

SHA1
5bbfa3f992c69c7fb79d248e3c469f82eb6cd8dc

SHA256
09d0b86e627078dd031f35668c2e2327fad4530a8df5ba851e692b9feda714aa

SHA512
e21787a8d021aaf01b25b128cf89f8ed80b6e63e646aa69df6095d901fdd990fd727ec85bc9f1914823a89d2c32e4abfa0f37fc07d9a6c502fd7be71ace64721

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20065.exe

Filesize
184KB

MD5
56c377afd24069dbaaca505d360e6b87

SHA1
39f68aced486e458b8d927087f286414454dbb7a

SHA256
8d6337b54dab22aec324ed882c94e84093b572d619f7760f98f60566c6dcf2a6

SHA512
4de3deb653632cd90401a8f75ec7a86d94c921a889cdf3e4913161e699cac0d7ec363187abc0e3e7c2e4d9932f45f66a933467b6df4db5abf18a39bd68c08a69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe

Filesize
184KB

MD5
7b7a38e7db239f686390c8da1aa7cfde

SHA1
2ff46b19d5ca27f770c478bef65a9b1792844799

SHA256
6b2bfcb14fe1876edb73d3545c2b96f449a80fe5b4b5aa2e5e2790ff407ecc2e

SHA512
98661a1eabdbf5dcb2d1cd7430b19f8032f077118ac807151d107d501a35192138c66433b2b3e2a9e2dde2b38ad438e62af1610dfc8e7dce34fd885a347c1128

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24568.exe

Filesize
184KB

MD5
006aafa13e46644f70905da9abecd389

SHA1
792fb481dda30f48a806b7f190a9bdacf8d94128

SHA256
ddf4d5710c6236dd01dce84f735779b26843008a933e72c3900e6f56dad7248f

SHA512
a1dc33b7bfc486d915825da5bfcbe7a8ec5a7baad460687679c5d6b745e735977819e8736683f148446031881ac38c87f99cdabf6da805c89bb9ce9b49d082ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe

Filesize
184KB

MD5
cb9b2faa73c10ae023dcb0c8d97bf1d0

SHA1
a38720a65a2627751d649a54803f2a1d35a53d45

SHA256
2c63dc2cd4d3ad6cfd9890c69378662b120b0ed69bc24802493cda3746b6604f

SHA512
db278701b5e509da8c434305fc5f73db1b7ecb2312f547abd26c9e0031fe0c331cbc6d9601223e2519b126a3b97854eea52074707688a857768abfa36ee0f306

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe

Filesize
184KB

MD5
08ae2f40161b489fa39b63ecc8f3f777

SHA1
3ac3837e499d79cd1724fbeb0c15786da1a8d8bc

SHA256
5c8f3e77c0a0c8533a3721a402f284053a643619e43bc567a2556d3adcc3f250

SHA512
4eaa6cecf473280f744ee7609590ae0c7a8886fec3e16e59089138e43a4ebc95668441b38117c42e25ec48d502c22c3de0f501d30231519eb7e3082bfc017045

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe

Filesize
184KB

MD5
74385902fd01ec94b6445865265e4711

SHA1
d737f3f623c634b85601e0a83dfe67dc763a6fd3

SHA256
983dcdfade497f066614d7844e7121bf6246287f79d0a9a8136d98f5cbba7af7

SHA512
a754d4528a3ff448149372012bcabc46d619a851bc9f7248c6a2337662521caaa3d07ab860eb8fa2aa9f345852f6a9046216305d63cd011f89651f1858fa9c32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32043.exe

Filesize
184KB

MD5
594e3f2d85a1822a1beeb2cf68dde418

SHA1
1e48d20fcbaa0e244c842fe7389ec677509b1f57

SHA256
54244213870648146be6924e0cc103ada535edbccb345b7c586e31a6022fa279

SHA512
1a1b7f7ab9b5e60f2168f5d37b32f4007874122dabe94f333632740d65f4765382d3a31156bb2e1809f2cd27dba3c0f0bc0991cd52f6b7aac2b4eacb934d1d73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe

Filesize
184KB

MD5
fdf495fc3fe16bf8988623ffe27c289a

SHA1
c19964344ffcd9a1f582885f4335eac4a0f15a67

SHA256
18e04daacfaab5d9b778a27869823808d3c954c045cf60878d018fc5af0f0aa2

SHA512
4984e64ea88e7acec0d8b3e7081333fa139d105343eebb75bd9a7d6a65d43291661d28602c8da905a2ce42df760d2b40a9d02a556de5181ebbda611405608131

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe

Filesize
184KB

MD5
8eaba1011f07cd4fe6aed11e967d4011

SHA1
d169befc9cf52fc3dbc7aab870d5c80dca67a871

SHA256
778d70600cfe8e7ac258bcb0e545f48f27185ee447efb5661063b07f73b9cd75

SHA512
480baa848e4281bc2b39a691d7aacf2e65612bec6b8c476054cff383b735113ce38fb090c989813a66013c871d167af39cb0e6d59d089506fe34c81bdf661c4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37257.exe

Filesize
184KB

MD5
3ba284b867dbf82bda667a1731add654

SHA1
9a0385c7487ed39d82db1f3faf8c7bea77e0fc09

SHA256
6e88294b905ce706b4f4ac4623885886dffd8095866b0eeb6114a0945a1b1084

SHA512
f7f7388ee078962025b8edefcef38ed388983e5ec06b874f624bda4052194b5e784c768770450224bbab66e7de450ecd0067452280ef5c7019da0d4637f7fa00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe

Filesize
184KB

MD5
bd6e9419ebc40111def7296a3cdb6320

SHA1
1e05a9dad934c4dfeece7284a7193a92c6235d7b

SHA256
af71802d2de2e2a9bb105f8148a788db9484a40b1f19e0e31bfc8786deaa4a06

SHA512
b546ee2e64a378c26bbd272b3f3d2ec991e3be9e05964da1ef7b62417168a6f7d98520aca7f94b5f6c2859c4b1d65d69dcc2b5655a3f878e25ddb9dbe0c3e8c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe

Filesize
184KB

MD5
265865be80c179fc3b626efe5f857064

SHA1
ce67ff79effd37eb9a5f1c78d93beb8e066bbd15

SHA256
315eb79a18c84b610cf7ff346cfa705cc2b6481bb95e065d9af9c595147f4a2f

SHA512
730ba39396e57fcd2da428aa85f075981335cf4040bb7325c49f22f692fe5c7d4cae695c2cc15ff62ac5012f244003c8179d83a042b9aad764b6fee03ceaaa60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe

Filesize
184KB

MD5
344fc176d2220066b2ddbc0c865ff2c9

SHA1
3dc96f29b0295c837d48f5be94d2d00bd8b87137

SHA256
3b99d835a914cf867c38b2a46d074a6578f0e7a9a90a5f47f4056abe9726aaf0

SHA512
c57752fa2eec3f22953661e0b7dd9fcf7b0a029a9702017fa1b6c1dc5608665ce4417111c830c82498825b4d1b74444a62019dc55300f86fc7c67606cdc6f33c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe

Filesize
184KB

MD5
5187fdf8b98a78053004c8ef5d77709e

SHA1
db3eceaf644ad229872f632cb8048c0f74df27fc

SHA256
ac9c7833ba996ff4e0d8f9920425bedcd8107798c84792b259befeddb57b4772

SHA512
e97a2e27b474e4e091ca4623659cdabb6aa4b9ade3c7d07b86f87c6f0b5f7ae7ff71fd968574ee8f34f39789e765a33e59892c0a2cb9314f33fc61b1d6e13aa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe

Filesize
184KB

MD5
d487e7389100f28f115e0b1dd50a2231

SHA1
6911441ad03c453fdb95bffdec1c8f5127558926

SHA256
33561a62d8999fb6d037eb9b819e11d73b25364f3e5d992f4b97ee2da07fef3a

SHA512
94ba5d39149b8f4a03e6b678c9e8d30e8b8d0d1d18394f517547cbc36a7077246197a5836005659d6c08c06edf2729b151e5f19273252ecefdc4f681c623471f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe

Filesize
184KB

MD5
8fd8ca18e1a9a1ffde5b3b7c2bab329d

SHA1
04148e2951b6ff5cdfd1dc19042849fc8477bb86

SHA256
0cf3ca65130fbf9b41e9a11727fb308a0f75ae5f4568505e1b235ac208deba52

SHA512
325565e7d74f5f7c3317cc4111116b6286c4edd835558f762cbf564000cb38a74fe1f3fd74044a567668c938d9a32df9de7b48e778502d877fe5f10e314f411e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe

Filesize
184KB

MD5
3817a598893ae9023a31a5271571a6ec

SHA1
2b4ce7cb3c0cf897c10fbe2ab2ce03ccdcfa274d

SHA256
41301ff97aebebe5dc1e8830af375c232e73d8b251976de21d08d145682ba6a5

SHA512
f55faab1147aca97e9e06c664e7ecfd242cb7f92f492b90507064852b78a8467cb3d2df14cd34294fd71230ab1f5763677bdfb23af4c0977304ae6a206611fe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe

Filesize
184KB

MD5
ba64a5a1fa6578074d3e7d7dc34a6898

SHA1
f7a8468e1548de73779374877364c96bffc0f9ea

SHA256
15a04e74459e95bbb5c455d13bcad910423226d964d3303b1308ac4c1cb5fd4e

SHA512
f5c53654e192f6f6a7ac84023901d6862381b071e82f5d31c1093a79a8ad88f984871969c97968137b567dcef30d04b3e34845d4acf46a0c4dd99909c56a4dbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe

Filesize
184KB

MD5
6cf507d2a55c1d558a09e2ad55185964

SHA1
fa2ac1c2145bee711062b179ffd8f98386603d76

SHA256
1ab7f2b69ab7600681acbda3af17ca218e2ce174134f8e2d6b43480f0836a622

SHA512
b74f72cba808a18e4d22fe52b1861bcab7f8aec8f9ae49966946373c81864b231624f4bf02417417f41e19a7b70d1996cab4338c24d08b707d3f251a40881e5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53387.exe

Filesize
184KB

MD5
e50582cde35ce069cd78be7896c24f10

SHA1
9644b6dc1448ce54f4a7a9ff5867b269040da8a3

SHA256
8a2dde90bbed85fecf1d1178abe5f682c9fb238865bc664dbfc5b5b743fcd258

SHA512
7407e20bc6e9ca1ea70cf93d269097740075cc91463a9d91c5026c36d90fbe015df8957d0b746eed30399a4f0e7ad5c97221ab37c6a65986aff33b703a2d7d3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe

Filesize
184KB

MD5
0423abce13dbee23bf00b3d1b919c82b

SHA1
b380306736728a4abb78c6e2d4cf675eecabb9dd

SHA256
5df198162ab9b3639cac16551861494326fa1855f240605fabab7e5e8e49336a

SHA512
a3e9816ea4c9d17a10ad0347999ac5d404ffbbae914c0347b542ac98b0ee5e24253e9413c520520d1dd3d09399d686dc7dc7ba3bee0c9e8d25891c42fc6603a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe

Filesize
184KB

MD5
c3a83a8840339ff2df54d52ccd8d3801

SHA1
a8dd2ad8203a7fa5ac58d0098dfacddb0e07e72b

SHA256
87a2a96efff4df1068cc869c70ca5afe47b673fa9fb3dc9275caf3be4361ffab

SHA512
832cadef1b48c8d8d6d5e0158600d4bd284ff0f39fb6d1301419a252cc5c6af643026302eb4e38863a2f6ba394aa98103e030415dc36058a8bc0b2eb057e6986

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe

Filesize
184KB

MD5
864dc24e8eaf68f2ce0e9da725b1817f

SHA1
470cdb64061d0575cfe134738b4f494e5ad9edef

SHA256
c87fff31f13c87b98cf6c178792c6c1a18232cfa4187252d9747989c1775e7a4

SHA512
9ed9d0ebe6bd4c5e44f859b8b6f4f95a0204bd8c034ca5154109efd21906ed7e75ffeabf510fe367056195842bcf14c0bd3c1568706bd0a17a39990efdb51c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61378.exe

Filesize
184KB

MD5
a1d6ae4d505e500a7871ec748e0721a9

SHA1
7c4f057108887201488f3ad9eaa750bfb58db177

SHA256
7b316141c0427c42da1e8762059e993368a45fef8a0712036923f77e76ea0d48

SHA512
9b0691d6481f4eafb758c0a2cddef3c498d257ee4944322e0db43c0b39dee0742eaf0c6dcd31da2fd6e64f3494bf3caa71a40980754436a45064548c30854cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe

Filesize
184KB

MD5
d36e4b5d5b3a6ecf877289c6df039537

SHA1
f3109a0b84095ddfa592248515caa37772121690

SHA256
7cd4c809b30945ba226484a14db8318d05eac474367f3616f9cf79ef799975f2

SHA512
290bd818bddd3587dd2cacdbf238a8bc59902ca847a91102693c1120cc57a8433cf231d752842610f4fc9978d0a7dccf6ff6968b39d60fd084a68245fda28f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe

Filesize
184KB

MD5
0955c9377aa98ecda73695c9a265ce46

SHA1
8527e9a12aa09ece930413b9e7b3d4dbb0f7a29e

SHA256
d23ba236d04a57d4741eed08704cbccf8e4537196ee41e0970284716488c0fb7

SHA512
83f69665790e33709caa856c5c934faa32adfbc8ca1c5cfcc6680645e4db4bf38356c93fae768cb66467364f8dc5560849b04747854d0ef83d487e2f18eedefd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe

Filesize
184KB

MD5
48c632b6bd1de5fe2e022774e3603ec2

SHA1
8884915f547b5bfec05d6513aae676feda68999e

SHA256
6f4228b0edfbe455b76d1e0d56bfd9bcf714fc124cda1960b652f0901dc56bc9

SHA512
d8f6fa395253367306c5ab9ea268be3e392b7e54742bd5fec60b2d0173386554efe5f36aa0b0540209270c4e6bca3fdf1ba33773806979821817d815adb6dcab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe

Filesize
184KB

MD5
86213c02bfbb9a4b77747fee567fbc43

SHA1
4dec4832fbaa39747f7577fdeb30c68ddcea6a99

SHA256
80cab6f9171ca4480089e157955f5a47ea8d762e6984983712ceb0eefb4d096e

SHA512
89cdc24ab9133565933271d38af2e40b64a3c38499789ad508c8658895cebdba609532adcf2d399ba3d25a3dd0ba98ffb26c384481f788cb99d3c9558ea32177

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe

Filesize
184KB

MD5
edff9c701eb2c9576946e02ba1cf0dfc

SHA1
c060bdcee60cf422b12a88f31787cb32d8fd224e

SHA256
fc048073956f0563efe99d624bbb6108acf6b3e92e175e903705a619401ad740

SHA512
f2f077a9b983b74f33455b3ec5624a7b2c1983f6e35ecf6e361cb4f167e44d10a54586a737d4ed25170dd13d582f113324b2ff478afebacf2a002c7522458874

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe

Filesize
184KB

MD5
376b2b52185a20335ced33b8a8150c8b

SHA1
79ebb8c3eaf62cca20504647227185a61449dbba

SHA256
a9e7d292cfcb8c5f3ca2204c5b4a1a5f52fadd35ab5624fe6aab835c72364703

SHA512
d0c0672a700c529fb2cc6fed79c5db0807127cd27f7d02c3947df6e7a0dbd785efa934fe474a96ef9fecbe95264efd7ab0cfbef969363dde72c5d46bca7b967f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe

Filesize
184KB

MD5
89621675ad0a953cf2f77cd42c3b2c3b

SHA1
dda0882fc76fa82e3b1dc6861a10c44e21c80e70

SHA256
c439dd9a583ac8bdd665e8669ba47f225fc5764a479b968f3e259e2c46318d3f

SHA512
6c918f4e984b53a092e4794beca84a8324e1fcc72c1beedc5685c6cf98f3c6e90ad81e5cee0a59521c2d1a2ae904a588c1a886b03be7642ee70ca8629d2dc737

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9098.exe

Filesize
184KB

MD5
7c8cd6b2e86f0d544e2a7a980fb1357c

SHA1
75d2597f6d4e9b060146b3c3a980f917e0dfa4b8

SHA256
b9f038222a0a92047b29688c6a7e76b33a6ca435d8d31ce1350af7e72fca531c

SHA512
04df352c9139d108cb9c77e41d72b9d54a8d7d264230aa24d8d57609ad73ae11128d50654e2dab290cc6afc64d36154d5eb23b071cfe9c6c265eafd93fb83cd6

Download Submit
memory/2228-4252-0x00000000761B0000-0x00000000763C5000-memory.dmp

Filesize
2.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads