dd2bf505bb77e50a2cf5433d0991b8945c2325fdef69e6af2589d34ceb6edf90

Analysis

max time kernel
120s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 03:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

391ed56674480482ebe3f56b2074e0e0N.exe
Size

184KB
MD5

391ed56674480482ebe3f56b2074e0e0
SHA1

ffd26267b53af7a59ef1e9c75ea3895d19d8cd6a
SHA256

dd2bf505bb77e50a2cf5433d0991b8945c2325fdef69e6af2589d34ceb6edf90
SHA512

d559e44ecd3aeee13dde05f1ffb2c3e1fb43f1b1237d79806c01fc2ece0ff7793b1a7a81e4e5e9efe5e86592696fba213127158dfb341f04e8ffc272d72cfacf
SSDEEP

3072:vJiZba4Hn0HRPd9OtWx98XtMdlvnq7viu:vJi3H+19OI89MdlPq7viu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4396	Unicorn-30437.exe
4972	Unicorn-26981.exe
4564	Unicorn-7115.exe
1628	Unicorn-27477.exe
3400	Unicorn-40475.exe
1160	Unicorn-60341.exe
5104	Unicorn-54211.exe
4000	Unicorn-30565.exe
1544	Unicorn-43563.exe
4404	Unicorn-17244.exe
1040	Unicorn-30181.exe
2044	Unicorn-30181.exe
4376	Unicorn-29916.exe
4236	Unicorn-43179.exe
4812	Unicorn-56915.exe
1788	Unicorn-10580.exe
4944	Unicorn-43445.exe
4516	Unicorn-20402.exe
2804	Unicorn-55868.exe
3572	Unicorn-28261.exe
4588	Unicorn-28261.exe
2024	Unicorn-31468.exe
3548	Unicorn-31468.exe
2360	Unicorn-61125.exe
5108	Unicorn-8203.exe
3892	Unicorn-8203.exe
5064	Unicorn-28069.exe
1004	Unicorn-2802.exe
4400	Unicorn-5602.exe
748	Unicorn-60611.exe
4536	Unicorn-14674.exe
1104	Unicorn-33020.exe
1484	Unicorn-13284.exe
1612	Unicorn-58956.exe
2324	Unicorn-58764.exe
4976	Unicorn-62293.exe
4248	Unicorn-12900.exe
4652	Unicorn-15842.exe
2616	Unicorn-9977.exe
2032	Unicorn-15204.exe
4220	Unicorn-47685.exe
2380	Unicorn-43964.exe
3540	Unicorn-32501.exe
4232	Unicorn-32309.exe
2980	Unicorn-12443.exe
2512	Unicorn-30306.exe
2400	Unicorn-6180.exe
4656	Unicorn-6180.exe
4036	Unicorn-2843.exe
532	Unicorn-2843.exe
1284	Unicorn-5988.exe
4380	Unicorn-16386.exe
3424	Unicorn-5796.exe
548	Unicorn-22325.exe
4836	Unicorn-16194.exe
1492	Unicorn-48882.exe
4124	Unicorn-38469.exe
340	Unicorn-48483.exe
5080	Unicorn-54613.exe
1324	Unicorn-57555.exe
1644	Unicorn-57820.exe
3448	Unicorn-50892.exe
4856	Unicorn-9828.exe
5112	Unicorn-45900.exe

Program crash 10 IoCs

pid	pid_target	Process	procid_target
6164	5684	WerFault.exe	215
8172	7316	WerFault.exe	317
8824	2856	WerFault.exe	302
12916	11260	WerFault.exe	536
13580	7188	WerFault.exe	361
13340	11260	WerFault.exe	536
16324	7364	WerFault.exe	364
17008	6852	WerFault.exe	307
9884	7304	Process not Found	351
9892	7616	Process not Found	332

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	8936	Process not Found
Token: SeChangeNotifyPrivilege	8936	Process not Found
Token: 33	8936	Process not Found
Token: SeIncBasePriorityPrivilege	8936	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1928	391ed56674480482ebe3f56b2074e0e0N.exe
4396	Unicorn-30437.exe
4564	Unicorn-7115.exe
4972	Unicorn-26981.exe
1628	Unicorn-27477.exe
5104	Unicorn-54211.exe
3400	Unicorn-40475.exe
1160	Unicorn-60341.exe
4000	Unicorn-30565.exe
1544	Unicorn-43563.exe
4376	Unicorn-29916.exe
2044	Unicorn-30181.exe
4404	Unicorn-17244.exe
1040	Unicorn-30181.exe
4236	Unicorn-43179.exe
4812	Unicorn-56915.exe
1788	Unicorn-10580.exe
4944	Unicorn-43445.exe
2804	Unicorn-55868.exe
4516	Unicorn-20402.exe
3572	Unicorn-28261.exe
2360	Unicorn-61125.exe
4536	Unicorn-14674.exe
2024	Unicorn-31468.exe
4588	Unicorn-28261.exe
5064	Unicorn-28069.exe
5108	Unicorn-8203.exe
3892	Unicorn-8203.exe
748	Unicorn-60611.exe
3548	Unicorn-31468.exe
4400	Unicorn-5602.exe
1004	Unicorn-2802.exe
1104	Unicorn-33020.exe
1612	Unicorn-58956.exe
1484	Unicorn-13284.exe
2324	Unicorn-58764.exe
4976	Unicorn-62293.exe
2616	Unicorn-9977.exe
4248	Unicorn-12900.exe
4652	Unicorn-15842.exe
2032	Unicorn-15204.exe
4220	Unicorn-47685.exe
2380	Unicorn-43964.exe
3540	Unicorn-32501.exe
4232	Unicorn-32309.exe
2980	Unicorn-12443.exe
4656	Unicorn-6180.exe
2512	Unicorn-30306.exe
2400	Unicorn-6180.exe
4036	Unicorn-2843.exe
532	Unicorn-2843.exe
4380	Unicorn-16386.exe
1284	Unicorn-5988.exe
3424	Unicorn-5796.exe
548	Unicorn-22325.exe
1492	Unicorn-48882.exe
340	Unicorn-48483.exe
4124	Unicorn-38469.exe
4836	Unicorn-16194.exe
5080	Unicorn-54613.exe
1644	Unicorn-57820.exe
1324	Unicorn-57555.exe
3448	Unicorn-50892.exe
4856	Unicorn-9828.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 4396	1928	391ed56674480482ebe3f56b2074e0e0N.exe	89
PID 1928 wrote to memory of 4396	1928	391ed56674480482ebe3f56b2074e0e0N.exe	89
PID 1928 wrote to memory of 4396	1928	391ed56674480482ebe3f56b2074e0e0N.exe	89
PID 4396 wrote to memory of 4972	4396	Unicorn-30437.exe	90
PID 4396 wrote to memory of 4972	4396	Unicorn-30437.exe	90
PID 4396 wrote to memory of 4972	4396	Unicorn-30437.exe	90
PID 1928 wrote to memory of 4564	1928	391ed56674480482ebe3f56b2074e0e0N.exe	91
PID 1928 wrote to memory of 4564	1928	391ed56674480482ebe3f56b2074e0e0N.exe	91
PID 1928 wrote to memory of 4564	1928	391ed56674480482ebe3f56b2074e0e0N.exe	91
PID 4564 wrote to memory of 1628	4564	Unicorn-7115.exe	92
PID 4564 wrote to memory of 1628	4564	Unicorn-7115.exe	92
PID 4564 wrote to memory of 1628	4564	Unicorn-7115.exe	92
PID 4396 wrote to memory of 3400	4396	Unicorn-30437.exe	93
PID 4396 wrote to memory of 3400	4396	Unicorn-30437.exe	93
PID 4396 wrote to memory of 3400	4396	Unicorn-30437.exe	93
PID 1928 wrote to memory of 5104	1928	391ed56674480482ebe3f56b2074e0e0N.exe	95
PID 1928 wrote to memory of 5104	1928	391ed56674480482ebe3f56b2074e0e0N.exe	95
PID 1928 wrote to memory of 5104	1928	391ed56674480482ebe3f56b2074e0e0N.exe	95
PID 4972 wrote to memory of 1160	4972	Unicorn-26981.exe	94
PID 4972 wrote to memory of 1160	4972	Unicorn-26981.exe	94
PID 4972 wrote to memory of 1160	4972	Unicorn-26981.exe	94
PID 1628 wrote to memory of 4000	1628	Unicorn-27477.exe	96
PID 1628 wrote to memory of 4000	1628	Unicorn-27477.exe	96
PID 1628 wrote to memory of 4000	1628	Unicorn-27477.exe	96
PID 4564 wrote to memory of 1544	4564	Unicorn-7115.exe	97
PID 4564 wrote to memory of 1544	4564	Unicorn-7115.exe	97
PID 4564 wrote to memory of 1544	4564	Unicorn-7115.exe	97
PID 5104 wrote to memory of 4404	5104	Unicorn-54211.exe	98
PID 5104 wrote to memory of 4404	5104	Unicorn-54211.exe	98
PID 5104 wrote to memory of 4404	5104	Unicorn-54211.exe	98
PID 1160 wrote to memory of 1040	1160	Unicorn-60341.exe	99
PID 1160 wrote to memory of 1040	1160	Unicorn-60341.exe	99
PID 1160 wrote to memory of 1040	1160	Unicorn-60341.exe	99
PID 3400 wrote to memory of 2044	3400	Unicorn-40475.exe	100
PID 3400 wrote to memory of 2044	3400	Unicorn-40475.exe	100
PID 3400 wrote to memory of 2044	3400	Unicorn-40475.exe	100
PID 1928 wrote to memory of 4376	1928	391ed56674480482ebe3f56b2074e0e0N.exe	101
PID 1928 wrote to memory of 4376	1928	391ed56674480482ebe3f56b2074e0e0N.exe	101
PID 1928 wrote to memory of 4376	1928	391ed56674480482ebe3f56b2074e0e0N.exe	101
PID 4972 wrote to memory of 4236	4972	Unicorn-26981.exe	102
PID 4972 wrote to memory of 4236	4972	Unicorn-26981.exe	102
PID 4972 wrote to memory of 4236	4972	Unicorn-26981.exe	102
PID 4396 wrote to memory of 4812	4396	Unicorn-30437.exe	103
PID 4396 wrote to memory of 4812	4396	Unicorn-30437.exe	103
PID 4396 wrote to memory of 4812	4396	Unicorn-30437.exe	103
PID 4000 wrote to memory of 1788	4000	Unicorn-30565.exe	104
PID 4000 wrote to memory of 1788	4000	Unicorn-30565.exe	104
PID 4000 wrote to memory of 1788	4000	Unicorn-30565.exe	104
PID 1544 wrote to memory of 4944	1544	Unicorn-43563.exe	105
PID 1544 wrote to memory of 4944	1544	Unicorn-43563.exe	105
PID 1544 wrote to memory of 4944	1544	Unicorn-43563.exe	105
PID 4564 wrote to memory of 4516	4564	Unicorn-7115.exe	106
PID 4564 wrote to memory of 4516	4564	Unicorn-7115.exe	106
PID 4564 wrote to memory of 4516	4564	Unicorn-7115.exe	106
PID 1628 wrote to memory of 2804	1628	Unicorn-27477.exe	107
PID 1628 wrote to memory of 2804	1628	Unicorn-27477.exe	107
PID 1628 wrote to memory of 2804	1628	Unicorn-27477.exe	107
PID 1040 wrote to memory of 3572	1040	Unicorn-30181.exe	108
PID 1040 wrote to memory of 3572	1040	Unicorn-30181.exe	108
PID 1040 wrote to memory of 3572	1040	Unicorn-30181.exe	108
PID 4376 wrote to memory of 4588	4376	Unicorn-29916.exe	109
PID 4376 wrote to memory of 4588	4376	Unicorn-29916.exe	109
PID 4376 wrote to memory of 4588	4376	Unicorn-29916.exe	109
PID 2044 wrote to memory of 2024	2044	Unicorn-30181.exe	111

C:\Users\Admin\AppData\Local\Temp\391ed56674480482ebe3f56b2074e0e0N.exe
"C:\Users\Admin\AppData\Local\Temp\391ed56674480482ebe3f56b2074e0e0N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15204.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
        9⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
        10⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
        10⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3692.exe
        10⤵
        
        PID:15828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
        9⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2261.exe
        9⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
        9⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54751.exe
        8⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
        9⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        9⤵
        
        PID:15804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39798.exe
        8⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1359.exe
        8⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        8⤵
        
        PID:17892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
        7⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
        8⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        9⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        9⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63606.exe
        9⤵
        
        PID:17372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        8⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
        8⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        8⤵
        
        PID:16924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2949.exe
        7⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe
        8⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
        8⤵
        
        PID:16360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        8⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28751.exe
        7⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        7⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50911.exe
        7⤵
        
        PID:18328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        7⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43241.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62520.exe
        9⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
        10⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        10⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        9⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        9⤵
        
        PID:16288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
        8⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        8⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        8⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60511.exe
        7⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        8⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
        8⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe
        8⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46532.exe
        8⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41414.exe
        7⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        7⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        7⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60019.exe
        6⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43241.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45144.exe
        8⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
        8⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8453.exe
        8⤵
        
        PID:17452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31822.exe
        7⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
        7⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
        7⤵
        
        PID:17428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50672.exe
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        7⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 492
        8⤵
        Program crash
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29887.exe
        7⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        7⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        6⤵
        
        PID:8752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        6⤵
        
        PID:11912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21351.exe
        6⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        6⤵
        
        PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38469.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43080.exe
        7⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43096.exe
        8⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
        9⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12806.exe
        9⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        9⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
        8⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
        8⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
        8⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        8⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49183.exe
        7⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        8⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5582.exe
        8⤵
        
        PID:17852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        7⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        7⤵
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        7⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7631.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19928.exe
        8⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        8⤵
        
        PID:17920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        8⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
        7⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        7⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        7⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        6⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe
        7⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        7⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24294.exe
        7⤵
        
        PID:17936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        7⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
        6⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55398.exe
        6⤵
        
        PID:14656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        6⤵
        
        PID:980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25416.exe
        7⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
        7⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        7⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        7⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-174.exe
        6⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        6⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        6⤵
        
        PID:15340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        6⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
        7⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
        7⤵
        
        PID:13888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
        7⤵
        
        PID:18320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        6⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe
        6⤵
        
        PID:15172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        6⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35317.exe
        5⤵
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        6⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
        6⤵
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65247.exe
        5⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3847.exe
        5⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
        5⤵
        
        PID:17936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43179.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
        7⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        8⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-455.exe
        9⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
        9⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
        9⤵
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
        9⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
        8⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34406.exe
        8⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1630.exe
        8⤵
        
        PID:17640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        7⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22384.exe
        7⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        7⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        7⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13611.exe
        6⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
        7⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        8⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
        9⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        9⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52176.exe
        8⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44358.exe
        8⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        7⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        7⤵
        
        PID:16496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        7⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3206.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
        6⤵
        
        PID:15912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        6⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42339.exe
        5⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
        7⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        7⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
        7⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        7⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe
        6⤵
        
        PID:12788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        6⤵
        
        PID:17060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        6⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe
        6⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
        7⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
        6⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31023.exe
        6⤵
        
        PID:17112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
        6⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49558.exe
        5⤵
        
        PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
        5⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        5⤵
        
        PID:17264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5602.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47849.exe
        6⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
        8⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        8⤵
        
        PID:15516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        8⤵
        
        PID:18240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5205.exe
        7⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe
        7⤵
        
        PID:15260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        7⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        6⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        6⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
        6⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
        6⤵
        
        PID:17916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        6⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        6⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
        7⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10101.exe
        7⤵
        
        PID:16648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        7⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        6⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        6⤵
        
        PID:15324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        6⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
        5⤵
        
        PID:7512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7519.exe
        5⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        5⤵
        
        PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9639.exe
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18537.exe
        7⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        7⤵
        
        PID:18300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
        6⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25333.exe
        6⤵
        
        PID:14640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        6⤵
        
        PID:18068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        6⤵
        
        PID:468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7926.exe
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20821.exe
        5⤵
        
        PID:16544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        5⤵
        
        PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
      4⤵
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62824.exe
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
        5⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61302.exe
        5⤵
        
        PID:17664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24958.exe
      4⤵
      PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        5⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        5⤵
        
        PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
      4⤵
      PID:12300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
      4⤵
      PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
      4⤵
      PID:6100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        7⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19801.exe
        8⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19928.exe
        9⤵
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25950.exe
        9⤵
        
        PID:17932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
        9⤵
        
        PID:18060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55232.exe
        8⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4565.exe
        8⤵
        
        PID:13240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24382.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62041.exe
        8⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29662.exe
        8⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        8⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
        7⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        7⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
        7⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        7⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48204.exe
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
        8⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
        8⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
        8⤵
        
        PID:18012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        7⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        7⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
        7⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42119.exe
        6⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        6⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30597.exe
        6⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4836.exe
        6⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
        7⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
        8⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        8⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        8⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        8⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38350.exe
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe
        7⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        7⤵
        
        PID:17120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        7⤵
        
        PID:18360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57408.exe
        6⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
        7⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57919.exe
        7⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        7⤵
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7509.exe
        6⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
        6⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
        6⤵
        
        PID:18364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe
        5⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
        7⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19317.exe
        7⤵
        
        PID:17820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        6⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2261.exe
        6⤵
        
        PID:12764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
        6⤵
        
        PID:17436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18153.exe
        6⤵
        
        PID:14096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        6⤵
        
        PID:18372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        5⤵
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        5⤵
        
        PID:18188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42696.exe
        6⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
        8⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
        8⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        8⤵
        
        PID:15800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
        7⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        7⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        6⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        7⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        7⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
        7⤵
        
        PID:8
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe
        6⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        6⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        6⤵
        
        PID:16844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9079.exe
        6⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
        7⤵
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26303.exe
        7⤵
        
        PID:17944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
        6⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        6⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        6⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        6⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35207.exe
        5⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
        5⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        5⤵
        
        PID:15916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe
        7⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33359.exe
        7⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        7⤵
        
        PID:17128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
        6⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
        6⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31310.exe
        5⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10711.exe
        6⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        5⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        5⤵
        
        PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58959.exe
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18153.exe
        6⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
        6⤵
        
        PID:17924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        5⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        5⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        5⤵
        
        PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
      4⤵
      PID:7548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49870.exe
      4⤵
      PID:10472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45321.exe
      4⤵
      PID:15124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
      4⤵
      PID:4872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
        6⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        7⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        8⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
        8⤵
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        7⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        7⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        7⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11781.exe
        7⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        7⤵
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
        7⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9886.exe
        7⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
        7⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        6⤵
        
        PID:10528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        6⤵
        
        PID:15212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        6⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27215.exe
        5⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16376.exe
        6⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
        7⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        7⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55197.exe
        7⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49887.exe
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
        6⤵
        
        PID:17268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
        6⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe
        6⤵
        
        PID:17968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3317.exe
        5⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        5⤵
        
        PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        5⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
        7⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9886.exe
        7⤵
        
        PID:16516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        7⤵
        
        PID:16484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        6⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        6⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
        6⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53238.exe
        6⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        6⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
        5⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        5⤵
        
        PID:16332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        5⤵
        
        PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3125.exe
      4⤵
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19801.exe
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        6⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48854.exe
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        6⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        6⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
        5⤵
        
        PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15797.exe
        5⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        5⤵
        
        PID:16508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        5⤵
        
        PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16463.exe
      4⤵
      PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
      4⤵
      PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
      4⤵
      PID:14388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
      4⤵
      PID:4104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14674.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        5⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52984.exe
        8⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        8⤵
        
        PID:18060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62223.exe
        7⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52838.exe
        7⤵
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32262.exe
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
        6⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        6⤵
        
        PID:17912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        6⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10703.exe
        5⤵
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39798.exe
        5⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12734.exe
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        5⤵
        
        PID:17900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
      4⤵
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
        6⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12254.exe
        6⤵
        
        PID:12780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        6⤵
        
        PID:17084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
        6⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4565.exe
        5⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        5⤵
        
        PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
      4⤵
      PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9560.exe
        5⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56367.exe
        5⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
        5⤵
        
        PID:17360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
      4⤵
      PID:9924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
      4⤵
      PID:14180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50911.exe
      4⤵
      PID:18340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
      4⤵
      PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19801.exe
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        6⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54096.exe
        6⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64463.exe
        5⤵
        
        PID:16724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        5⤵
        
        PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24382.exe
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
        5⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
        5⤵
        
        PID:13624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        5⤵
        
        PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
      4⤵
      PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
      4⤵
      PID:14408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
      4⤵
      PID:3772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe
    3⤵
    PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
      4⤵
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9943.exe
        5⤵
        
        PID:16244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        5⤵
        
        PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
      4⤵
      PID:7900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
      4⤵
      PID:14592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
      4⤵
      PID:784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
      4⤵
      PID:3388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3575.exe
    3⤵
    PID:7204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18153.exe
      4⤵
      PID:14068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
      4⤵
      PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
      4⤵
      PID:5700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37725.exe
    3⤵
    PID:11028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43063.exe
    3⤵
    PID:16128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26837.exe
    3⤵
    PID:4012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7115.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7115.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27477.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30565.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9828.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28280.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe
        9⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        10⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        10⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        10⤵
        
        PID:16456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55071.exe
        9⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9461.exe
        9⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        9⤵
        
        PID:17036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        9⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62800.exe
        8⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61526.exe
        8⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
        8⤵
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
        7⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50054.exe
        8⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        8⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        8⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        7⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35673.exe
        8⤵
        
        PID:16424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        8⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
        7⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6389.exe
        7⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        7⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45900.exe
        6⤵
        Executes dropped EXE
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        8⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
        8⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        8⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        8⤵
        
        PID:18248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        8⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe
        7⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
        7⤵
        
        PID:15932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52631.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        7⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5237.exe
        6⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 464
        7⤵
        Program crash
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        6⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        7⤵
        
        PID:13772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
        7⤵
        
        PID:18148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11637.exe
        6⤵
        
        PID:11132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        6⤵
        
        PID:15988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        6⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58956.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe
        6⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
        8⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
        8⤵
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
        7⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        7⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        7⤵
        
        PID:17212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-455.exe
        7⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
        7⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58982.exe
        7⤵
        
        PID:16756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19151.exe
        7⤵
        
        PID:12576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40550.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        6⤵
        
        PID:17616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58483.exe
        5⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe
        7⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        7⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        7⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        7⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38023.exe
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
        6⤵
        
        PID:13308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
        6⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
        5⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        6⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
        7⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        7⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2312.exe
        7⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
        6⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
        6⤵
        
        PID:15948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        6⤵
        
        PID:18420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29518.exe
        5⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65528.exe
        5⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        5⤵
        
        PID:17420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58959.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        7⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        7⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        7⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19151.exe
        7⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        6⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        6⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29285.exe
        6⤵
        
        PID:17100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        6⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46668.exe
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        6⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
        7⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        7⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        6⤵
        
        PID:16136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
        5⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55391.exe
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
        5⤵
        
        PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        5⤵
        
        PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
        6⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
        7⤵
        
        PID:12660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59311.exe
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12022.exe
        6⤵
        
        PID:13980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
        6⤵
        
        PID:18136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        5⤵
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37205.exe
        5⤵
        
        PID:12164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
        5⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        5⤵
        
        PID:7880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
      4⤵
      PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43241.exe
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13511.exe
        6⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        6⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20725.exe
        6⤵
        
        PID:16020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        6⤵
        
        PID:412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
        5⤵
        
        PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
        5⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        5⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38774.exe
      4⤵
      PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42152.exe
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        5⤵
        
        PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        5⤵
        
        PID:14344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        5⤵
        
        PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
      4⤵
      PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
      4⤵
      PID:12692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
      4⤵
      PID:17012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
      4⤵
      PID:5588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43563.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43445.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48085.exe
        6⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23641.exe
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16584.exe
        8⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35688.exe
        9⤵
        
        PID:12440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 636
        9⤵
        Program crash
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
        8⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        8⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        8⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49369.exe
        8⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        8⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
        7⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        7⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        7⤵
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        6⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        7⤵
        
        PID:18020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22142.exe
        6⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        6⤵
        
        PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
        5⤵
        
        PID:220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42473.exe
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe
        8⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13470.exe
        8⤵
        
        PID:17796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
        7⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe
        7⤵
        
        PID:18288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47040.exe
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
        7⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43270.exe
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22943.exe
        6⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        6⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35575.exe
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1207.exe
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
        7⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
        7⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
        7⤵
        
        PID:18044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
        6⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10446.exe
        6⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe
        6⤵
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42936.exe
        6⤵
        
        PID:17784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
        6⤵
        
        PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        5⤵
        
        PID:10480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        5⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        5⤵
        
        PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58764.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
        5⤵
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
        7⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        7⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        7⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        7⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        6⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe
        6⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        6⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        6⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54864.exe
        6⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
        6⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        6⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
        5⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
        6⤵
        
        PID:17912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47796.exe
        6⤵
        
        PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40495.exe
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20821.exe
        5⤵
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        5⤵
        
        PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28498.exe
      4⤵
      PID:460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
        5⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe
        6⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        6⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        6⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        6⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6062.exe
        5⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
        6⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        6⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40551.exe
        5⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        5⤵
        
        PID:17136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        5⤵
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
      4⤵
      PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-455.exe
        5⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
        6⤵
        
        PID:13660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        6⤵
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
        5⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
        5⤵
        
        PID:16740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3692.exe
        5⤵
        
        PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
      4⤵
      PID:9100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
      4⤵
      PID:12428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59032.exe
      4⤵
      PID:17652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62293.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        5⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20984.exe
        6⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60521.exe
        8⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        8⤵
        
        PID:17224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47591.exe
        7⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        7⤵
        
        PID:224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        6⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 636
        7⤵
        Program crash
        
        PID:16324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
        6⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
        6⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
        6⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        6⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32174.exe
        6⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
        6⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28896.exe
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
        5⤵
        
        PID:13468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        5⤵
        
        PID:17864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
      4⤵
      PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        5⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        5⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        5⤵
        
        PID:15908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
      4⤵
      PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
      4⤵
      PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
      4⤵
      PID:15204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
      4⤵
      PID:5212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
      4⤵
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23673.exe
        6⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30696.exe
        7⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        7⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        6⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
        6⤵
        
        PID:16732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52701.exe
        6⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34950.exe
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        5⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        5⤵
        
        PID:17624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
      4⤵
      PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
        5⤵
        
        PID:17788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
      4⤵
      PID:11764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
      4⤵
      PID:14928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16679.exe
      4⤵
      PID:18248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57603.exe
    3⤵
    PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43241.exe
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55224.exe
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        5⤵
        
        PID:11112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        5⤵
        
        PID:16412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        5⤵
        
        PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
      4⤵
      PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
      4⤵
      PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
      4⤵
      PID:16796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
      4⤵
      PID:15876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54911.exe
    3⤵
    PID:6220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-455.exe
      4⤵
      PID:8872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
      4⤵
      PID:12016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
      4⤵
      PID:16668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
      4⤵
      PID:15840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
    3⤵
    PID:7672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28237.exe
    3⤵
    PID:12656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49078.exe
    3⤵
    PID:17300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54211.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54211.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17244.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55103.exe
        7⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        7⤵
        
        PID:16952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        7⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15189.exe
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        6⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        6⤵
        
        PID:17276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8990.exe
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
        7⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5582.exe
        7⤵
        
        PID:17832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
        6⤵
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        6⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        6⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        5⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
        6⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47412.exe
        6⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
        5⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        5⤵
        
        PID:18036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50892.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50537.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48249.exe
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        7⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59455.exe
        7⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        7⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
        6⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
        6⤵
        
        PID:12368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        6⤵
        
        PID:15884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        5⤵
        
        PID:14996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        6⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        6⤵
        
        PID:15388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        5⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        5⤵
        
        PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43983.exe
      4⤵
      PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3048.exe
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        5⤵
        
        PID:16232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48948.exe
        5⤵
        
        PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
      4⤵
      PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
      4⤵
      PID:14452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37001.exe
      4⤵
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
      4⤵
      PID:2348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
        6⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        7⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24030.exe
        7⤵
        
        PID:18004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
        6⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
        6⤵
        
        PID:16708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        5⤵
        
        PID:8896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        5⤵
        
        PID:17152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27983.exe
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
        6⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
        6⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
        6⤵
        
        PID:17992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26254.exe
        5⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12022.exe
        5⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48592.exe
        5⤵
        
        PID:18292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
      4⤵
      PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18153.exe
        5⤵
        
        PID:12740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
        5⤵
        
        PID:18200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
      4⤵
      PID:12092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8671.exe
      4⤵
      PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
      4⤵
      PID:5020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58840.exe
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7287.exe
        6⤵
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
        6⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
        6⤵
        
        PID:17984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
        5⤵
        
        PID:10664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        5⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        5⤵
        
        PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
      4⤵
      PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        5⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29662.exe
        5⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        5⤵
        
        PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
      4⤵
      PID:9704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe
      4⤵
      PID:14648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
      4⤵
      PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
      4⤵
      PID:3844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
    3⤵
    PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
      4⤵
      PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        5⤵
        
        PID:13396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3903.exe
        5⤵
        
        PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4598.exe
      4⤵
      PID:10352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe
      4⤵
      PID:16316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62854.exe
      4⤵
      PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
      4⤵
      PID:1028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60118.exe
    3⤵
    PID:7616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
    3⤵
    PID:10580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
    3⤵
    PID:14556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
    3⤵
    PID:4804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
    3⤵
    PID:5672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29916.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29916.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        5⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        6⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
        7⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        7⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50662.exe
        7⤵
        
        PID:18036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59311.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12022.exe
        6⤵
        
        PID:13944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        6⤵
        
        PID:17976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49375.exe
        5⤵
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        5⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        5⤵
        
        PID:15220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
      4⤵
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
        6⤵
        
        PID:13896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        6⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32262.exe
        5⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        5⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        5⤵
        
        PID:15892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5445.exe
      4⤵
      PID:2856
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 492
        5⤵
        Program crash
        
        PID:8824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
      4⤵
      PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22533.exe
      4⤵
      PID:14548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
      4⤵
      PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
      4⤵
      PID:8872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
      4⤵
      PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47320.exe
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48872.exe
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
        6⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11260 -s 464
        7⤵
        Program crash
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11260 -s 464
        7⤵
        Program crash
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20725.exe
        6⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13646.exe
        5⤵
        
        PID:8644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe
        5⤵
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        5⤵
        
        PID:16484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        5⤵
        
        PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24382.exe
      4⤵
      PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41849.exe
        5⤵
        
        PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39838.exe
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        5⤵
        
        PID:16920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22501.exe
      4⤵
      PID:10176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exe
      4⤵
      PID:14228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
      4⤵
      PID:18272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19845.exe
    3⤵
    PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        5⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
        5⤵
        
        PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
      4⤵
      PID:8460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2261.exe
      4⤵
      PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
      4⤵
      PID:17412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
    3⤵
    PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
      4⤵
      PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9886.exe
      4⤵
      PID:16444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
      4⤵
      PID:12584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-478.exe
    3⤵
    PID:10692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
    3⤵
    PID:15244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
    3⤵
    PID:3240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2802.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2802.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
      4⤵
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64344.exe
        6⤵
        
        PID:16912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        5⤵
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3797.exe
        5⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
        5⤵
        
        PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
      4⤵
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
        5⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5582.exe
        5⤵
        
        PID:17872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32262.exe
      4⤵
      PID:9480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
      4⤵
      PID:14004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
    3⤵
    PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
      4⤵
      PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
        5⤵
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        5⤵
        
        PID:15412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
      4⤵
      PID:10648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
      4⤵
      PID:15296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
      4⤵
      PID:1916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
    3⤵
    PID:7344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
    3⤵
    PID:10280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
    3⤵
    PID:14772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14206.exe
    3⤵
    PID:17816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
    3⤵
    PID:4240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42696.exe
    3⤵
    PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
      4⤵
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15336.exe
        5⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58464.exe
        5⤵
        
        PID:15976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
        5⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        5⤵
        
        PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59311.exe
      4⤵
      PID:9736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12022.exe
      4⤵
      PID:13988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15727.exe
      4⤵
      PID:18160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
    3⤵
    PID:7356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
    3⤵
    PID:10316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
    3⤵
    PID:14980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53238.exe
    3⤵
    PID:4424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
    3⤵
    PID:408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53128.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53128.exe
  2⤵
  PID:5460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
    3⤵
    PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
      4⤵
      PID:11340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
      4⤵
      PID:15164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
    3⤵
    PID:9944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
    3⤵
    PID:15304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53238.exe
    3⤵
    PID:4344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
    3⤵
    PID:5740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43118.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43118.exe
  2⤵
  PID:7316
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 228
    3⤵
    - Program crash
    PID:8172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2198.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2198.exe
  2⤵
  PID:8220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50319.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50319.exe
  2⤵
  PID:13020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
  2⤵
  PID:17056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5684 -ip 5684
1⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 7316 -ip 7316
1⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2856 -ip 2856
1⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 11260 -ip 11260
1⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 7188 -ip 7188
1⤵
PID:14320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 11260 -ip 11260
1⤵
PID:13964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 7364 -ip 7364
1⤵
PID:17264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 6852 -ip 6852
1⤵
PID:16784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe

Filesize
184KB

MD5
fa9b3e137e2ed7444a1cd99755a2d1e3

SHA1
391e1ef22dc06c049996debc5d1af81a935c85e1

SHA256
4202da4f06cbcfaf58980382ecb3168dcc672d00c7fd066e32a93edfcbb0397d

SHA512
82ff08a87b5276143cd4c81ce1ef99dbe4136300f80e9944c8c5f71f76aaecb5a0e48e8cde8e380f43f07ae52bd2284abd99eba83ecfc9a5dc5b067ed7536e14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe

Filesize
184KB

MD5
296e6ca1b81109597f6e08de0504f65e

SHA1
52de1e246c14db388e1c5efeb2a529d16493a79f

SHA256
ee8c5cbc713c7311b0dddf0a0df9baafed6d08265975afb60fe266a4a8b99dc0

SHA512
1e82784630e4eeef0975044478a7058d9af324876e528d088e52680c86aef4eedac3b13395a94b0cbb095812b75fa26e888005f0c59a1c384e6c091ab31ff6d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14674.exe

Filesize
184KB

MD5
8dbfb25f779a57255120a08d5568878a

SHA1
d6f0f17fc4f27c45f464f8e1d9a801e25a062a29

SHA256
7d643edf4a92f385809d56a746b925434acd67725ba4d09cd7a3f2924dea2c89

SHA512
f8bf686cefef4ca736033d0fade98874c999c6a644b139ebfb95fe4eefb4082f2f5d89c74371e80062e5cb015f224b3793a33210c128b0d73ff99207dc33231f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe

Filesize
184KB

MD5
f5dee4d1086a46cf10b54e64eb85e09d

SHA1
b5b146d239b6e3444791b4b0554ec52ede9e6f80

SHA256
57ae235535b6af8effa0e259f16c5ad04eb254f6fbae8922e0355dfaa9b98244

SHA512
bf12dadb95627a699c23d243488d7d59856c16027f124f50f48f9d1b0626191dabcb054e9836243aafe97ffbc1c0adede20a2a7f2b2657c09592326f4c4b9d6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17244.exe

Filesize
184KB

MD5
e1629df7f663cd0e2dafa7f43249c5f4

SHA1
cbca7b0d2892faaf715d87bbfd30b3312cf25e74

SHA256
2c511116e24b346ff53210f318c94abd2566ee03fce8a12c726636faef2c7cbf

SHA512
fa05ee4ecbb87d89fc5604f48df64fb59f03cae9d0b7b270939a28610098838e13fe33d7cc334a065df21752a3341e728e37916672f5a467ce1a2be6b8940c4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe

Filesize
184KB

MD5
4ad64c553a70e60c7ac24e0fe89a320b

SHA1
0d3b229cc5b3aa87780498bdfab243a08f0191eb

SHA256
8cf77cec2d057fec6aafd24bc2287020cfc698f5269c24fbf4cb2479b2ca1fd4

SHA512
718003e547497de6901584e42c1b390b8e49520e1995fce4cf617cf2a738301be60f583c89d50a750b7f0ad293656c2405a2dfa6684981b37efe1fbf1ef36009

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24030.exe

Filesize
184KB

MD5
3f62e4f9782f3d3c1c9ea3e534c7e824

SHA1
cb5a526c54e36a5cbf69a31cae07aeb9704a52e0

SHA256
37f221ad68134dd8e71b3832ab4bc8e0af9ca8fda70c290aa10587259170d77e

SHA512
740811076fcd0530c1dab07bea24e0c61481ce64e7bccfdad2d3dd84cef9349c2d535d00d04c0236ab2b5a436b3500708ab8c8316298fbc596c7ed09afca16a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe

Filesize
184KB

MD5
4984fcc27a3edbd9c6bb712403d9ed2d

SHA1
d6d64f55eed024063a879822b3338da4e27c1e34

SHA256
d582620db9b15d02558a01f1e4e6ac3ff88e8e95a4246f01b4f034d77c5cf27c

SHA512
abfcb2829d0285b16e1f9af9ab1087e7487a01111b39508254d264b57386d990281cd3af9f4f5633cd0392e099cb1d3eba37d6a6e50305ba999ed235304bd7b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27477.exe

Filesize
184KB

MD5
1a729ab5e6084bb5a3a17ff0c8c64c27

SHA1
96e3dffe5fb05253a35baaf4b41725b13ec33499

SHA256
cdc930776eaeb12573f5d9a7f49fb2e752c309c6cca9ebfb6cee77bf0616f287

SHA512
67731702109aede6b6bc498f304cfd0d7ed8f510d79fc4bced4b08405f6f5db27b0118b31040aa16f033634ca5cdeb26f53c2c64f7b3470b4c8bf60b2664bae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2802.exe

Filesize
184KB

MD5
d72ae823faf9a3600262386853492b0d

SHA1
e706d243d5413f4ba9dbae43a31b04ec756ed603

SHA256
e39b01b95310436eb589af4f494a315921e3c82cd621d091ea587400f2a4ae7c

SHA512
f8cf580c5d4a8a637d4f891b8560f92dfc851a16a0e4b8c94dfc24ccf47bb56e4e46a26f88256e51d2fd01a04e33d3972ef0855a8fc08a9b9c2627e216137a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe

Filesize
184KB

MD5
02abbe2ec57684a6c3f346f5617db26c

SHA1
69cd4291484a998c4014d0bbeb62c4ba01e0fb6b

SHA256
ee680ab56b5b21b9bdc8e0c633c542ce162a01da3d30aa9257531916081e4b9b

SHA512
f530347b6ab2fa135c04cb65bd03e4582cdff14aae941eb9324d4d90be740f261520db1814562cf6d2533e336454f00bdade4c25116dcc30421ed7ee120938be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe

Filesize
184KB

MD5
94ad98088e06d186f58f551966e949f7

SHA1
e515ef9818b103c15d79dbcfbb2e4f4a1e7f2539

SHA256
8a13c0c60da8c5677541da48d055561c218c4cc3c23923ef7af4e3819adc73f7

SHA512
e613f501e955ca36977d7e462e8db921886d59415c69cb2c10802cc8e6dec754621c2012f0dff1132297de369085f2314bb24171e1481ae10fd55e5a5db7d97c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29916.exe

Filesize
184KB

MD5
dc656ba2e913f221eaf8d01ab853c7f5

SHA1
41ae61a1c63043d580ca2b29f7288ec136b26602

SHA256
c54938e314e3a67392b0e846f6659c22e7e3aed31e1a66ea68b9d804b06637d7

SHA512
5d1c7a5787ab95f59dd5ae78fd26fbe7c9538c2b4e5d5bf01b82b8682c13c4f02edf32d474ec2fdc75edaabe2a7a87eabc71462a85c6c9bd2cd6ac2c873cfaba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe

Filesize
184KB

MD5
77356e130e05ad98abfb72f46f471513

SHA1
e59bb82ebc7a2015f913043b8116c3c29669a7ad

SHA256
6e3287c367ffef1c0685e3e069509ffe49900419520d9b4a44381c7170c0d178

SHA512
108025ac9c381ec3af4b1811ed65166788479f260d292222635a4ce8f654a84ce0a499d4ab85191d6a9687768a362a0de7afb7ba09284bc08f0b8fb7777fbe4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe

Filesize
184KB

MD5
cdb43930d3b73bbbf7f74b3ef035e781

SHA1
a505928d752b20178efab02ca51dfa797e698607

SHA256
837d27f8e7897abef6f215b38bd518691db8e769a443cf30723aaa49904117b7

SHA512
7c0153569196f11e7dc8b451b530c73c38689ba17a8eaf36f544c5cac4adc920733b5701112ec8ec6a25386a327a544231c7bf6d9f21c28f77aafa18ec9581c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30565.exe

Filesize
184KB

MD5
5c2de5cc47a4de9da01e56734f9bf7b4

SHA1
c499c2bbc6e61f373e4d98879dbb356abd37b334

SHA256
4165687240407df1c4e0bf46785b5d0aad2a54bb11292c2ee70be466b8caf930

SHA512
d97ba3fab18e055b71ef38beeb30b3fa3d947a1b1bbafb43c6367d31dfb52dd5f9ed7fc2f31db459bdf804c52121f9ee097466dff708334a26d1f9cf9b924132

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe

Filesize
184KB

MD5
2d71c40fae6cb1fa94e32b3e10dfe2a2

SHA1
25fa1bbad61afbc62058f6df58f8e31a66203439

SHA256
d74fd8cb73a0d11780262897208ac391e40dad8f34262258770f092f70a0a51a

SHA512
836827e0ed9a8c1cbcb1c0a4362bed3eefd2175b30291a004618d9d6b96caf7fee366bca0e8a77da2bcd53993a08a044712278b3423c940c4eb96353f7793499

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe

Filesize
184KB

MD5
a8cb91841ec266de7f53f40e76db278c

SHA1
f9379748979e4d9a234968ded20c9e8fadf07818

SHA256
ae6894c27b141c4524c3371692706f6fe0488bb4452b8de4e152307ce998f87d

SHA512
763f147ad204fdf7390f427e964f6d45ea7d47540445dcb797a922a9cf3c653336c534c2469ea48bf77629fbaa16272869a43f908443e659222cfe74fd1bb6f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe

Filesize
184KB

MD5
b1ea73818b976a6b7de79cd9481dd2a6

SHA1
50a74d2d42d07fd08b94f596cc577f28e4cca3d2

SHA256
0e55bba9e5282b1fef041c1b2ef0d25cfb58e739354d4f6f4a068b5775b95212

SHA512
3ecd6d98e900bd1685ef9ecba23e1068068de2484b33d5e5889bc419f12bdb48038ed71dfa34f04559adc2e6e60dd4884610cd209d71e5c36eadefda9c0353e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe

Filesize
184KB

MD5
f309b31b67d474b7d3d2b683607b4c6f

SHA1
4cb8935c114f7121e471294f28de2e6e4a4ef489

SHA256
f053ed85bd2ed98d41345139c6575dc562e6e31f37b6e022d92e05afa5b045e1

SHA512
ca966235106eb3ea2cce289d61b9bd6e739510eb51a330581ee29d6f2c3be1b9fff670ce893352ee020bbd01cde50f10ef6002793513f78e917a3d661dea03cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe

Filesize
184KB

MD5
9b571f4d68f68f1c777f68e95ce348b8

SHA1
2fbfdb9668a89b73d6133dd7a690a79ba4f0c4c0

SHA256
297c110bf5b5c020148d0e4ad5cdabc0a8f7da0a3849ef01dd1d8f0b8819530d

SHA512
12b9bcf76c94c6eaa3d2d9c9626ef99aa0712c09078d6582b007c9dc6780a9f4118ff410b7d424313b22e868a9defa9568f51c3ca6338beec63128adfa12cfc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43179.exe

Filesize
184KB

MD5
597238155341c6a105a584fef547a28a

SHA1
c3564ecd561b4ca91cc86e7970282f2e39999b3d

SHA256
542e705190099d0f5551100bcd856666e06d2fa3364b98721509b19b8cbb0c9e

SHA512
32a39780a8bdfc6395a19c07611594e656aa58585042ca31256a768c9c80332b6b0b7cc5bb14dfe2e236b22fe32fdbebe8fb7b73abf086c4e407f800e243b571

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43445.exe

Filesize
184KB

MD5
13a3140302750b14c29b32b6eed2a1b4

SHA1
a9229dbf57f02ca44936221cf8087c4aa83cc0b1

SHA256
5d53a6de85f31844782faf224ee55bb96d3fb235c75240fb567f85197f981d80

SHA512
54a4e6cbcc94d320fad20fd4c8373a613d75d62d8caade601f11c8480b48c44dea05c87436535b18bc991a8824fcfd86aeaada9521f03dd42c066f3a65e9b69c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43563.exe

Filesize
184KB

MD5
3c05fe9ffd2ca50a8f5796d86a9f0969

SHA1
b95e0ab59807899ef4550cdf41b9278528377971

SHA256
36f5f64dca141dc7d5e8854522fe7bd27f67c1cb52e69667d7582936dbb784bd

SHA512
871b46f68335035f12f1af0ed6ff7da5de010a8a39ca6dc9a83164f9ae8028d99d4bc8a9d55653473721faa68bd583bb3c6e384ffc4fdab2e0224b150330d803

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe

Filesize
184KB

MD5
a3eef7ec1f9f04a91a571b3990ee167e

SHA1
f05f3024d3c37b680855f48f842ddf3cbd668892

SHA256
10ac1e72e7fb178bcb2afc08c71d16b57be8eb354d23e09c029167c60ca1c403

SHA512
11113de384e7d4d59bfe03163b67ebc8bb39293e4b249f01b1de640b86faf4464cd6271e7d735a37e4bfd15cd85c593be2aa7ab23d0511a3d93f485c4d184b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe

Filesize
184KB

MD5
328fbe9bd9205591b3d063ede2e606ab

SHA1
9e02e9686e7c9e3b6c923d056de3c7d081cae30c

SHA256
2c6b479079d92050421a3ddf5005263949e7fac10e955e011af02b1bdc6c1fe8

SHA512
2b1e96d56e6f4da533072b3325488e9bf27b7f478ec3d2c61a37666ea8a3e256e0b21e741e98ed294e73ca0885adc55b275af34b56919b5679ac5731c378050e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54211.exe

Filesize
184KB

MD5
a757a770181035b232b4fd0c245c103c

SHA1
5ae11ad24507aca89f29a708ab18d4d90aa9b573

SHA256
cc8a82fc516133d1c933705b43c7dcde84b788817f30d16a6a5123e995cab382

SHA512
9e3fc1c7852004b489a52a1b3249b5fba20c232100685451229e688c8ee2ac3765b597e9c06f262a0f120c0768472426a015e144837a05524edfd61674c983b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55103.exe

Filesize
184KB

MD5
5891110b43eb53fad951f37e22d0f68f

SHA1
a22187c06f0801e984e8b7645bc5a82656ff7c75

SHA256
4822f77bfe9d4151d1341a3edd0461ebd67c40996e0cda12b5a5a86094858fa6

SHA512
ec5c8580980e0422aacc9cc13e9b42ab04daadf785bbe7ffa7bbf07c44cdce86a5ed4e9d9c5eac4c92b387b37ccafa7ed6b951e7322280d042e87ff49b071cf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe

Filesize
184KB

MD5
aa81c5dcd3eb7a3430a1cb4b29d7b2c4

SHA1
3b06793328121012410454c9cf6c04c16ef27d5c

SHA256
3a47e8fb26a6da7a705babb460b6626165ff9e567bc0c047418d2cdb16856362

SHA512
c2b940c1a313237c03b927c66f96238cd9edaa35f550e87923af319b945209cef2d8ed14bdd2f438ae6e80c76a968ebb934b1afafb5a49430164cadd675000a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5602.exe

Filesize
184KB

MD5
bb05444b160bf255387d38da874afea9

SHA1
6f932e331447c2b7730d9a00dd82f0a5e4299aa3

SHA256
986f4af1e44b60ed3ee733db0334e14dd972c81fa06646c110e2a64beb0aab23

SHA512
7051fed510ea56dd02f269fed31a65a3073c578e396d51b6764416d189e1ae9e153dbff7fbb7f9a45267b4f927d73a01334ab2c037d68326e8306e9c166858fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe

Filesize
184KB

MD5
5813960921ee79c5eeb9714d72202d4a

SHA1
38b1e11d9602201afa8f7fd4d0108838680b7ee3

SHA256
c58e246a0ef4357251113c3d0e587d3eb6a0d8b3da4c4294b6e4f4b2b996d68d

SHA512
85abd665622aaa999034cbfe7af3c8561e090449e2179630321fc25079aea729af31f49ddca6247f00e7cb4c2697fdba0f71c9d0bece18b4d1061b92653a94b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58956.exe

Filesize
184KB

MD5
5556929807fd9219b16fae1cfd0c6d43

SHA1
6af642ccf7e979a342a2f789f5fcef1c07c64071

SHA256
a48b5b20df8e5390b95a4e158f2779ae7f38471028da29d53f78499b1e598c66

SHA512
05870260bd236518369813a98c597de2b68c4e1cce3b644d863c82ca34a449b4b40b9e3b2b45cda799ef2aa4b11f6442994fefe63347f8f2768db3208b7ad33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe

Filesize
184KB

MD5
5f7fa8492a8cf4bf1b97fbabb795258c

SHA1
39862dda0c3ec4f17e219115de728db08e77c213

SHA256
23b1372e7cc0463041aa629079aa8be56f40bd7254f3cc69ab257009912141bf

SHA512
98d4c74ccd7989931e41d42b837edc9fba9d5f890697905586746365d12c0a2e680a7e265ce35bb8f83b3cc1bef83222dcbbf0ea09eea1d2dc8b792142926280

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe

Filesize
184KB

MD5
a46ccefd635a2272390dfa45d993074f

SHA1
6b4c9ada3a8cbb497888f935afa20a3871cb6b1e

SHA256
f3257003588817c1e4b70c88d5cc23d79ecdee5602c148e350c94ab24753dffa

SHA512
1241a69a0caefe4168f00efbebc06a7909b3dcc4c1f15d0f5962e7205e0d0ec8784bed7e7c78d5cbae77a03213b5ee5a23ba52527aeb32fd78ce756bca1abc74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe

Filesize
184KB

MD5
3aba478401b339ca74c73dfe92d74632

SHA1
b97fb8c1f8097f046551ba22358a193b2dc5c0a4

SHA256
f4dcfffb6653bf82277accc1fd04da7f5132d17a16f6c622987c33589c728373

SHA512
40ac8818ef6e3ac904cb768e898df7c21baee9a7669a745f5eda9cef30cfdc8bdbbca8bc1457bf295fcee74d79db503bde2414ff16f9d03796dc516c814e8c48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7115.exe

Filesize
184KB

MD5
60659509ed3a88e5d5be3f32e7302f42

SHA1
ae3ead4fec2142b3f7868048e1083d1bffb28cc4

SHA256
d097f7a20a888e63b8debed891122a9c47d20b251313f48e7fddb4b08780f5e5

SHA512
efacd3845daf33d6ac185a2ae5489193e35662bdf98bf77aba742d8ac286511547b01fa7e00c1265a1f56b17c5ed1935f54dfd9b6a24694450bc765fab3ec18f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe

Filesize
184KB

MD5
027aa73832c86b96e073a1a10bee33cc

SHA1
8a3e498560ff9675f44ee5a1cba10f315f2fb97c

SHA256
370f59480923f23843d7fea6bc23ed80d1bf5c035c4df49c87a129d56b926fbe

SHA512
01de295c0253d156111f4b89ce249b2b01951cd6cc5ecd487c9d45e86a9ba4a28722421085a0480e476bdcc2c690c34ef1dc8c5e84f7ef7615665f8e87988a8e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads