f4d8d6741d66b7a22028ccd61fee19c88a445a9130d710a79b53360153ceb06b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03d9915366725cd489c46a8ae40bd380N.exe
Size

184KB
MD5

03d9915366725cd489c46a8ae40bd380
SHA1

17b7853820cee8eaf67a9a5174dafd9abc750f32
SHA256

f4d8d6741d66b7a22028ccd61fee19c88a445a9130d710a79b53360153ceb06b
SHA512

7a6e7fdb84b71f21aaa3afb96d69f91f142f7ad8c1ce766a0a621ca21781dd6a65b570a7e2f89c072ebe582ce9e44b131307db29c055715e5e4be2dd43c4ac5d
SSDEEP

3072:LUz5vCo/CHZP+xx82lB0t5H0lvnqnvju:LUEoA2xxf0bH0lPqnvju

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
936	Unicorn-48372.exe
4536	Unicorn-17428.exe
4128	Unicorn-5730.exe
1548	Unicorn-7671.exe
100	Unicorn-15840.exe
2624	Unicorn-61511.exe
2776	Unicorn-13793.exe
2468	Unicorn-27236.exe
1272	Unicorn-25189.exe
2628	Unicorn-39488.exe
3264	Unicorn-23706.exe
1372	Unicorn-52124.exe
1644	Unicorn-52124.exe
4528	Unicorn-32258.exe
2976	Unicorn-55943.exe
4160	Unicorn-45492.exe
1972	Unicorn-34178.exe
3252	Unicorn-37516.exe
3732	Unicorn-41600.exe
516	Unicorn-45684.exe
1528	Unicorn-62907.exe
1616	Unicorn-63172.exe
2964	Unicorn-1719.exe
520	Unicorn-43306.exe
3044	Unicorn-57042.exe
1232	Unicorn-47391.exe
4404	Unicorn-9887.exe
2108	Unicorn-5041.exe
4420	Unicorn-13971.exe
764	Unicorn-16009.exe
4080	Unicorn-2274.exe
1068	Unicorn-23448.exe
1588	Unicorn-11750.exe
1956	Unicorn-33653.exe
864	Unicorn-61548.exe
4892	Unicorn-16986.exe
5092	Unicorn-3603.exe
3476	Unicorn-12326.exe
4436	Unicorn-11963.exe
2712	Unicorn-4350.exe
4432	Unicorn-17008.exe
912	Unicorn-28995.exe
1104	Unicorn-54148.exe
2032	Unicorn-54703.exe
4312	Unicorn-9031.exe
1208	Unicorn-9031.exe
3504	Unicorn-9031.exe
1784	Unicorn-9031.exe
4468	Unicorn-15153.exe
2400	Unicorn-39274.exe
1008	Unicorn-25538.exe
732	Unicorn-28106.exe
4732	Unicorn-57656.exe
4348	Unicorn-287.exe
3788	Unicorn-54127.exe
4292	Unicorn-8455.exe
2160	Unicorn-53572.exe
4048	Unicorn-3609.exe
5100	Unicorn-842.exe
1412	Unicorn-18661.exe
232	Unicorn-32960.exe
4476	Unicorn-45331.exe
4960	Unicorn-26712.exe
3840	Unicorn-23182.exe

Program crash 13 IoCs

pid	pid_target	Process	procid_target
1520	1972	WerFault.exe	102
5980	5320	WerFault.exe	195
6304	5312	WerFault.exe	196
6504	5628	WerFault.exe	211
7868	5296	WerFault.exe	225
15792	6236	WerFault.exe	300
16848	17572	WerFault.exe	870
16760	17572	WerFault.exe	870
17192	17404	WerFault.exe	856
4576	16060	WerFault.exe	861
17760	17132	WerFault.exe	842
18388	17516	WerFault.exe	913
5540	3416	WerFault.exe	995

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5756	Process not Found
Token: SeChangeNotifyPrivilege	5756	Process not Found
Token: 33	5756	Process not Found
Token: SeIncBasePriorityPrivilege	5756	Process not Found
Token: SeCreateGlobalPrivilege	18960	Process not Found
Token: SeChangeNotifyPrivilege	18960	Process not Found
Token: 33	18960	Process not Found
Token: SeIncBasePriorityPrivilege	18960	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1960	03d9915366725cd489c46a8ae40bd380N.exe
936	Unicorn-48372.exe
4536	Unicorn-17428.exe
4128	Unicorn-5730.exe
2624	Unicorn-61511.exe
1548	Unicorn-7671.exe
100	Unicorn-15840.exe
2776	Unicorn-13793.exe
2468	Unicorn-27236.exe
3264	Unicorn-23706.exe
1272	Unicorn-25189.exe
2628	Unicorn-39488.exe
1644	Unicorn-52124.exe
1372	Unicorn-52124.exe
4528	Unicorn-32258.exe
2976	Unicorn-55943.exe
4160	Unicorn-45492.exe
1972	Unicorn-34178.exe
3252	Unicorn-37516.exe
3732	Unicorn-41600.exe
516	Unicorn-45684.exe
2964	Unicorn-1719.exe
2108	Unicorn-5041.exe
4404	Unicorn-9887.exe
764	Unicorn-16009.exe
1232	Unicorn-47391.exe
520	Unicorn-43306.exe
4420	Unicorn-13971.exe
1528	Unicorn-62907.exe
1616	Unicorn-63172.exe
4080	Unicorn-2274.exe
3044	Unicorn-57042.exe
1068	Unicorn-23448.exe
1588	Unicorn-11750.exe
1956	Unicorn-33653.exe
864	Unicorn-61548.exe
4892	Unicorn-16986.exe
5092	Unicorn-3603.exe
3476	Unicorn-12326.exe
4436	Unicorn-11963.exe
2712	Unicorn-4350.exe
4432	Unicorn-17008.exe
912	Unicorn-28995.exe
1104	Unicorn-54148.exe
4468	Unicorn-15153.exe
1784	Unicorn-9031.exe
3504	Unicorn-9031.exe
4312	Unicorn-9031.exe
1208	Unicorn-9031.exe
2032	Unicorn-54703.exe
1008	Unicorn-25538.exe
5100	Unicorn-842.exe
4732	Unicorn-57656.exe
4292	Unicorn-8455.exe
2160	Unicorn-53572.exe
2400	Unicorn-39274.exe
732	Unicorn-28106.exe
4348	Unicorn-287.exe
4048	Unicorn-3609.exe
3788	Unicorn-54127.exe
1412	Unicorn-18661.exe
4476	Unicorn-45331.exe
232	Unicorn-32960.exe
4960	Unicorn-26712.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 936	1960	03d9915366725cd489c46a8ae40bd380N.exe	86
PID 1960 wrote to memory of 936	1960	03d9915366725cd489c46a8ae40bd380N.exe	86
PID 1960 wrote to memory of 936	1960	03d9915366725cd489c46a8ae40bd380N.exe	86
PID 936 wrote to memory of 4536	936	Unicorn-48372.exe	87
PID 936 wrote to memory of 4536	936	Unicorn-48372.exe	87
PID 936 wrote to memory of 4536	936	Unicorn-48372.exe	87
PID 1960 wrote to memory of 4128	1960	03d9915366725cd489c46a8ae40bd380N.exe	88
PID 1960 wrote to memory of 4128	1960	03d9915366725cd489c46a8ae40bd380N.exe	88
PID 1960 wrote to memory of 4128	1960	03d9915366725cd489c46a8ae40bd380N.exe	88
PID 4536 wrote to memory of 1548	4536	Unicorn-17428.exe	89
PID 4536 wrote to memory of 1548	4536	Unicorn-17428.exe	89
PID 4536 wrote to memory of 1548	4536	Unicorn-17428.exe	89
PID 4128 wrote to memory of 100	4128	Unicorn-5730.exe	90
PID 4128 wrote to memory of 100	4128	Unicorn-5730.exe	90
PID 4128 wrote to memory of 100	4128	Unicorn-5730.exe	90
PID 936 wrote to memory of 2624	936	Unicorn-48372.exe	91
PID 936 wrote to memory of 2624	936	Unicorn-48372.exe	91
PID 936 wrote to memory of 2624	936	Unicorn-48372.exe	91
PID 1960 wrote to memory of 2776	1960	03d9915366725cd489c46a8ae40bd380N.exe	92
PID 1960 wrote to memory of 2776	1960	03d9915366725cd489c46a8ae40bd380N.exe	92
PID 1960 wrote to memory of 2776	1960	03d9915366725cd489c46a8ae40bd380N.exe	92
PID 2624 wrote to memory of 2468	2624	Unicorn-61511.exe	93
PID 2624 wrote to memory of 2468	2624	Unicorn-61511.exe	93
PID 2624 wrote to memory of 2468	2624	Unicorn-61511.exe	93
PID 936 wrote to memory of 1272	936	Unicorn-48372.exe	94
PID 936 wrote to memory of 1272	936	Unicorn-48372.exe	94
PID 936 wrote to memory of 1272	936	Unicorn-48372.exe	94
PID 100 wrote to memory of 2628	100	Unicorn-15840.exe	95
PID 100 wrote to memory of 2628	100	Unicorn-15840.exe	95
PID 100 wrote to memory of 2628	100	Unicorn-15840.exe	95
PID 4128 wrote to memory of 3264	4128	Unicorn-5730.exe	96
PID 4128 wrote to memory of 3264	4128	Unicorn-5730.exe	96
PID 4128 wrote to memory of 3264	4128	Unicorn-5730.exe	96
PID 2776 wrote to memory of 1644	2776	Unicorn-13793.exe	98
PID 2776 wrote to memory of 1644	2776	Unicorn-13793.exe	98
PID 2776 wrote to memory of 1644	2776	Unicorn-13793.exe	98
PID 1548 wrote to memory of 1372	1548	Unicorn-7671.exe	97
PID 1548 wrote to memory of 1372	1548	Unicorn-7671.exe	97
PID 1548 wrote to memory of 1372	1548	Unicorn-7671.exe	97
PID 4536 wrote to memory of 4528	4536	Unicorn-17428.exe	99
PID 4536 wrote to memory of 4528	4536	Unicorn-17428.exe	99
PID 4536 wrote to memory of 4528	4536	Unicorn-17428.exe	99
PID 1960 wrote to memory of 2976	1960	03d9915366725cd489c46a8ae40bd380N.exe	100
PID 1960 wrote to memory of 2976	1960	03d9915366725cd489c46a8ae40bd380N.exe	100
PID 1960 wrote to memory of 2976	1960	03d9915366725cd489c46a8ae40bd380N.exe	100
PID 2468 wrote to memory of 4160	2468	Unicorn-27236.exe	101
PID 2468 wrote to memory of 4160	2468	Unicorn-27236.exe	101
PID 2468 wrote to memory of 4160	2468	Unicorn-27236.exe	101
PID 2624 wrote to memory of 1972	2624	Unicorn-61511.exe	102
PID 2624 wrote to memory of 1972	2624	Unicorn-61511.exe	102
PID 2624 wrote to memory of 1972	2624	Unicorn-61511.exe	102
PID 1272 wrote to memory of 3252	1272	Unicorn-25189.exe	103
PID 1272 wrote to memory of 3252	1272	Unicorn-25189.exe	103
PID 1272 wrote to memory of 3252	1272	Unicorn-25189.exe	103
PID 3264 wrote to memory of 3732	3264	Unicorn-23706.exe	104
PID 3264 wrote to memory of 3732	3264	Unicorn-23706.exe	104
PID 3264 wrote to memory of 3732	3264	Unicorn-23706.exe	104
PID 2628 wrote to memory of 516	2628	Unicorn-39488.exe	105
PID 2628 wrote to memory of 516	2628	Unicorn-39488.exe	105
PID 2628 wrote to memory of 516	2628	Unicorn-39488.exe	105
PID 936 wrote to memory of 1528	936	Unicorn-48372.exe	106
PID 936 wrote to memory of 1528	936	Unicorn-48372.exe	106
PID 936 wrote to memory of 1528	936	Unicorn-48372.exe	106
PID 100 wrote to memory of 520	100	Unicorn-15840.exe	108

C:\Users\Admin\AppData\Local\Temp\03d9915366725cd489c46a8ae40bd380N.exe
"C:\Users\Admin\AppData\Local\Temp\03d9915366725cd489c46a8ae40bd380N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17428.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7671.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35456.exe
        8⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
        9⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8331.exe
        10⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        10⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56558.exe
        10⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        9⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        9⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        9⤵
        
        PID:16884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
        9⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59607.exe
        8⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
        9⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        9⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53626.exe
        9⤵
        
        PID:16592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
        8⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50695.exe
        8⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        8⤵
        
        PID:17516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17516 -s 444
        9⤵
        Program crash
        
        PID:18388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
        7⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
        8⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
        9⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29824.exe
        10⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54742.exe
        10⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        9⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        9⤵
        
        PID:15776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50495.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30021.exe
        8⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        8⤵
        
        PID:16744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe
        8⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56622.exe
        7⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20584.exe
        8⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        8⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12558.exe
        8⤵
        
        PID:18068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
        8⤵
        
        PID:18404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
        7⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        7⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
        7⤵
        
        PID:17252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25538.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48668.exe
        7⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        8⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
        9⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
        9⤵
        
        PID:16820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        8⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        8⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        8⤵
        
        PID:17404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17404 -s 452
        9⤵
        Program crash
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
        7⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        8⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
        8⤵
        
        PID:16732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17653.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
        8⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe
        7⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe
        7⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-525.exe
        7⤵
        
        PID:17072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        7⤵
        
        PID:17424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31209.exe
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        7⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
        8⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        8⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62414.exe
        8⤵
        
        PID:17000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
        8⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        7⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe
        7⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46883.exe
        6⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 720
        7⤵
        Program crash
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41342.exe
        6⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60087.exe
        6⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
        6⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        7⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
        8⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35804.exe
        9⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        9⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        9⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22438.exe
        9⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10038.exe
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17193.exe
        8⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
        8⤵
        
        PID:16640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41662.exe
        8⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        8⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        8⤵
        
        PID:16984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4313.exe
        7⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-534.exe
        7⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19497.exe
        7⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        6⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52140.exe
        8⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        8⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        8⤵
        
        PID:16956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10038.exe
        7⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe
        7⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51131.exe
        7⤵
        
        PID:16496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3753.exe
        7⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
        7⤵
        
        PID:17232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
        6⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53177.exe
        6⤵
        
        PID:15604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        6⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe
        6⤵
        
        PID:16660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        6⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        7⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
        8⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        7⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
        7⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        7⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
        6⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
        6⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
        6⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26522.exe
        6⤵
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60064.exe
        6⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56955.exe
        5⤵
        
        PID:388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8331.exe
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        7⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
        7⤵
        
        PID:17668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        6⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        6⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
        6⤵
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        5⤵
        
        PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46430.exe
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62020.exe
        5⤵
        
        PID:13424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        5⤵
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe
        5⤵
        
        PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15804.exe
        7⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
        8⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
        9⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        9⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        9⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9846.exe
        8⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1241.exe
        8⤵
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
        8⤵
        
        PID:16832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        8⤵
        
        PID:17388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16182.exe
        7⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        8⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51271.exe
        8⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27061.exe
        8⤵
        
        PID:17432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
        8⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59902.exe
        7⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52615.exe
        7⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
        7⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        6⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 488
        7⤵
        Program crash
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        6⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
        6⤵
        
        PID:11612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        6⤵
        
        PID:15628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        6⤵
        
        PID:17124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54828.exe
        6⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4045.exe
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-842.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
        6⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61683.exe
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
        8⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        7⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
        7⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        7⤵
        
        PID:16604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        7⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15907.exe
        7⤵
        
        PID:16976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        6⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
        6⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43780.exe
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        6⤵
        
        PID:11548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        6⤵
        
        PID:17724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        6⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23095.exe
        5⤵
        
        PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12857.exe
        5⤵
        
        PID:11828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31602.exe
        5⤵
        
        PID:15596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17008.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        6⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
        7⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        8⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        8⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        8⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26758.exe
        7⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
        7⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        7⤵
        
        PID:17540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43733.exe
        7⤵
        
        PID:16760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        6⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12171.exe
        7⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40990.exe
        7⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
        7⤵
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9933.exe
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63715.exe
        6⤵
        
        PID:14384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44106.exe
        6⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
        6⤵
        
        PID:17420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        5⤵
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54828.exe
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
        7⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        7⤵
        
        PID:17352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        7⤵
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21033.exe
        6⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-534.exe
        6⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54047.exe
        6⤵
        
        PID:18396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45574.exe
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
        6⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
        6⤵
        
        PID:16948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        5⤵
        
        PID:9388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        5⤵
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
        5⤵
        
        PID:17132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17132 -s 460
        6⤵
        Program crash
        
        PID:17760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28995.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
        5⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1543.exe
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
        7⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        7⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        7⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        7⤵
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe
        6⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        6⤵
        
        PID:13128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15310.exe
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48522.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24131.exe
        6⤵
        
        PID:16308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30997.exe
        6⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe
        5⤵
        
        PID:9412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
        5⤵
        
        PID:13776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2393.exe
        5⤵
        
        PID:17164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        5⤵
        
        PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30609.exe
      4⤵
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        5⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55818.exe
        5⤵
        
        PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62206.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        5⤵
        
        PID:17540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
      4⤵
      PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
      4⤵
      PID:10784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
      4⤵
      PID:14708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38986.exe
      4⤵
      PID:636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45492.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe
        8⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
        9⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        9⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11043.exe
        10⤵
        
        PID:18412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
        9⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
        9⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        9⤵
        
        PID:17760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        8⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
        8⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
        8⤵
        
        PID:15192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56654.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24460.exe
        8⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
        9⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        9⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        9⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        8⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        8⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        8⤵
        
        PID:16544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
        8⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
        7⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
        7⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        7⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        7⤵
        
        PID:17420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64346.exe
        7⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23182.exe
        6⤵
        Executes dropped EXE
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30406.exe
        8⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        8⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        8⤵
        
        PID:17040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
        7⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63435.exe
        7⤵
        
        PID:15644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
        8⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        8⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        8⤵
        
        PID:17456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13249.exe
        7⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9470.exe
        7⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
        7⤵
        
        PID:18084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
        7⤵
        
        PID:17940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64371.exe
        6⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
        6⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55684.exe
        6⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35922.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35804.exe
        8⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        8⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        8⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
        7⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23059.exe
        7⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8641.exe
        7⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
        7⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        7⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        7⤵
        
        PID:15844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
        6⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
        7⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27690.exe
        7⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48138.exe
        6⤵
        
        PID:15688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
        6⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61806.exe
        5⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53484.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        7⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
        8⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
        8⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
        7⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13309.exe
        7⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        7⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46394.exe
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
        6⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        6⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62067.exe
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37172.exe
        7⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
        7⤵
        
        PID:17572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17572 -s 464
        8⤵
        Program crash
        
        PID:16848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17572 -s 464
        8⤵
        Program crash
        
        PID:16760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe
        6⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        6⤵
        
        PID:18384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
        6⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
        5⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
        6⤵
        
        PID:12576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
        6⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13130.exe
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        5⤵
        
        PID:11636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27137.exe
        5⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        5⤵
        
        PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 720
        5⤵
        Program crash
        
        PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33653.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2399.exe
        5⤵
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38108.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
        8⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
        8⤵
        
        PID:16688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        7⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        7⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63051.exe
        7⤵
        
        PID:17596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        7⤵
        
        PID:17036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
        7⤵
        
        PID:17012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        6⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64956.exe
        7⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
        6⤵
        
        PID:11596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1982.exe
        6⤵
        
        PID:15616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58567.exe
        6⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57096.exe
        6⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5383.exe
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8087.exe
        7⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44115.exe
        7⤵
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41314.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        6⤵
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        6⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4837.exe
        5⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1111.exe
        6⤵
        
        PID:396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
        5⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
        5⤵
        
        PID:5832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14386.exe
      4⤵
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17688.exe
        5⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        6⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
        7⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
        7⤵
        
        PID:16184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        6⤵
        
        PID:10320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        6⤵
        
        PID:14584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16398.exe
        6⤵
        
        PID:17592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49062.exe
        6⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        5⤵
        
        PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
        5⤵
        
        PID:11588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1982.exe
        5⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        5⤵
        
        PID:228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63484.exe
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30326.exe
        6⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        6⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33213.exe
        6⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        5⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        5⤵
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        5⤵
        
        PID:17088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
      4⤵
      PID:7640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
      4⤵
      PID:11560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
      4⤵
      PID:15656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61548.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
        6⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
        8⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4579.exe
        9⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8318.exe
        9⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
        9⤵
        
        PID:17496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8334.exe
        9⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17437.exe
        8⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
        8⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51927.exe
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60774.exe
        7⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
        7⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
        7⤵
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        6⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 628
        7⤵
        Program crash
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        6⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
        6⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38242.exe
        6⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
        6⤵
        
        PID:16864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48393.exe
        6⤵
        
        PID:16752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27074.exe
        5⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4859.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        7⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1346.exe
        7⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29749.exe
        7⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        7⤵
        
        PID:18348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
        6⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39150.exe
        6⤵
        
        PID:16928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7089.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
        6⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        6⤵
        
        PID:11604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        6⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        6⤵
        
        PID:17816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5597.exe
        5⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe
        5⤵
        
        PID:13508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        5⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
        5⤵
        
        PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16986.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe
        5⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        7⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        7⤵
        
        PID:16760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        6⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62423.exe
        6⤵
        
        PID:16304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
        6⤵
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19202.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
        6⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        6⤵
        
        PID:17428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        6⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
        5⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
        5⤵
        
        PID:16584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        5⤵
        
        PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
      4⤵
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40080.exe
        6⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
        7⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        7⤵
        
        PID:17204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61723.exe
        7⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        6⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        6⤵
        
        PID:15800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
        6⤵
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        5⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17193.exe
        5⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
        5⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14026.exe
        5⤵
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
        5⤵
        
        PID:17524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
      4⤵
      PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
      4⤵
      PID:13156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9171.exe
      4⤵
      PID:15876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56457.exe
      4⤵
      PID:4360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-287.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        5⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        6⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        7⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40390.exe
        6⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25398.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54295.exe
        5⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        6⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
        5⤵
        
        PID:10816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        5⤵
        
        PID:14776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37894.exe
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
        5⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
        6⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
        6⤵
        
        PID:12548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        6⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57919.exe
        6⤵
        
        PID:17928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        5⤵
        
        PID:12888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
        5⤵
        
        PID:16824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe
      4⤵
      PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
        5⤵
        
        PID:15816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
      4⤵
      PID:10704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10509.exe
      4⤵
      PID:15168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64346.exe
      4⤵
      PID:17212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3609.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44283.exe
      4⤵
      PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        5⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        5⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
        5⤵
        
        PID:16724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
      4⤵
      PID:9108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
      4⤵
      PID:13772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
      4⤵
      PID:18008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12066.exe
    3⤵
    PID:5500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16972.exe
      4⤵
      PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20038.exe
      4⤵
      PID:11288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41426.exe
      4⤵
      PID:15368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe
      4⤵
      PID:16752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6791.exe
    3⤵
    PID:8484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe
    3⤵
    PID:11940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
    3⤵
    PID:15576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62915.exe
    3⤵
    PID:1492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5730.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5730.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15840.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39488.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11963.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56260.exe
        7⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17038.exe
        8⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
        9⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
        10⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
        10⤵
        
        PID:16872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        9⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62414.exe
        9⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31114.exe
        8⤵
        
        PID:15324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        8⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        7⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
        8⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        8⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        8⤵
        
        PID:17512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        7⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6226.exe
        7⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
        7⤵
        
        PID:17924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe
        6⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1543.exe
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
        8⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        9⤵
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
        9⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47394.exe
        9⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
        8⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        8⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
        7⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
        7⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30805.exe
        7⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        7⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        7⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        7⤵
        
        PID:17080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe
        7⤵
        
        PID:17556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
        6⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
        6⤵
        
        PID:12704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        6⤵
        
        PID:16716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46468.exe
        6⤵
        
        PID:17088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56753.exe
        6⤵
        
        PID:17428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4350.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
        6⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        7⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        8⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        8⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        8⤵
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50451.exe
        8⤵
        
        PID:17396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        7⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        7⤵
        
        PID:17500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50900.exe
        7⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21198.exe
        7⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        7⤵
        
        PID:17700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28817.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
        6⤵
        
        PID:17584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
        5⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
        7⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        7⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20761.exe
        7⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe
        7⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
        7⤵
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe
        6⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        6⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        6⤵
        
        PID:16892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
        6⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        6⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44106.exe
        6⤵
        
        PID:17056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1513.exe
        5⤵
        
        PID:10188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
        5⤵
        
        PID:13484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20027.exe
        5⤵
        
        PID:16420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
        5⤵
        
        PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
        7⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
        8⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56279.exe
        8⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe
        8⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        7⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        7⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        7⤵
        
        PID:16488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe
        6⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
        6⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
        6⤵
        
        PID:15548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
        6⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        5⤵
        
        PID:5312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 488
        6⤵
        Program crash
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
        5⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        5⤵
        
        PID:16960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18661.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15804.exe
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
        7⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        7⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
        7⤵
        
        PID:16612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        7⤵
        
        PID:17032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        7⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52223.exe
        6⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
        6⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
        6⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
        6⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50223.exe
        6⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
        5⤵
        
        PID:10712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
        5⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19601.exe
        5⤵
        
        PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39992.exe
        6⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55407.exe
        6⤵
        
        PID:14292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
        6⤵
        
        PID:17684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
        5⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        5⤵
        
        PID:16052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
        5⤵
        
        PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
      4⤵
      PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        5⤵
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36906.exe
        5⤵
        
        PID:14420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40566.exe
      4⤵
      PID:10468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44480.exe
      4⤵
      PID:14744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
      4⤵
      PID:17068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23706.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3603.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
        6⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13027.exe
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        8⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        8⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        8⤵
        
        PID:17400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55111.exe
        8⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
        7⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
        7⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
        7⤵
        
        PID:16288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53338.exe
        7⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        6⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
        7⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20561.exe
        7⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41707.exe
        7⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        7⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        7⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        7⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        7⤵
        
        PID:16788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        6⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
        6⤵
        
        PID:17540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
        5⤵
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        7⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
        7⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        7⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
        7⤵
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30354.exe
        6⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60774.exe
        6⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
        6⤵
        
        PID:16244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8087.exe
        6⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56290.exe
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23744.exe
        6⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        6⤵
        
        PID:12624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6973.exe
        6⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61159.exe
        5⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14393.exe
        5⤵
        
        PID:13072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        5⤵
        
        PID:16408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12326.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14267.exe
        5⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
        7⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
        8⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31146.exe
        8⤵
        
        PID:16772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe
        8⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38574.exe
        7⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        7⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        7⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60738.exe
        7⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 468
        8⤵
        Program crash
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        6⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10229.exe
        6⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
        6⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
        6⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        5⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
        6⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        6⤵
        
        PID:10760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        6⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        5⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37.exe
        5⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
        5⤵
        
        PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12221.exe
      4⤵
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47236.exe
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
        6⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1346.exe
        6⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9521.exe
        6⤵
        
        PID:15832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
        6⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe
        5⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        5⤵
        
        PID:15708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
      4⤵
      PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
        5⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11050.exe
        5⤵
        
        PID:12148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        5⤵
        
        PID:16740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        5⤵
        
        PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
      4⤵
      PID:9356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
      4⤵
      PID:13676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
      4⤵
      PID:17104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32960.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
        6⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30406.exe
        6⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        6⤵
        
        PID:14576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50015.exe
        6⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
        5⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63435.exe
        5⤵
        
        PID:15636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
        5⤵
        
        PID:17056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65492.exe
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        6⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        6⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60064.exe
        6⤵
        
        PID:18272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        5⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe
        5⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44106.exe
        5⤵
        
        PID:17032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
        5⤵
        
        PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29917.exe
      4⤵
      PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61683.exe
      4⤵
      PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
      4⤵
      PID:14736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27570.exe
      4⤵
      PID:17396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
        6⤵
        
        PID:12864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
        6⤵
        
        PID:16804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61723.exe
        6⤵
        
        PID:18240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        5⤵
        
        PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56639.exe
      4⤵
      PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
      4⤵
      PID:10848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49107.exe
      4⤵
      PID:14892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32685.exe
    3⤵
    PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
      4⤵
      PID:7544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51403.exe
      4⤵
      PID:10764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
      4⤵
      PID:14612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
      4⤵
      PID:3156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
    3⤵
    PID:5268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50336.exe
    3⤵
    PID:12036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
    3⤵
    PID:16272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
    3⤵
    PID:5688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63172.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53572.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
        7⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe
        8⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44115.exe
        8⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22367.exe
        8⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
        8⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        7⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
        6⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15937.exe
        6⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49107.exe
        6⤵
        
        PID:14864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe
        6⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50147.exe
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-531.exe
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11211.exe
        7⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        7⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12889.exe
        7⤵
        
        PID:17424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31303.exe
        7⤵
        
        PID:17676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44830.exe
        6⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6694.exe
        6⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20597.exe
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        6⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53043.exe
        6⤵
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28353.exe
        6⤵
        
        PID:16900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53058.exe
        6⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2970.exe
        5⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        5⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        5⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59924.exe
        5⤵
        
        PID:17004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54127.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
        6⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55487.exe
        6⤵
        
        PID:10788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        6⤵
        
        PID:14532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35579.exe
        6⤵
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30354.exe
        5⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12031.exe
        6⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31146.exe
        6⤵
        
        PID:16780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61723.exe
        6⤵
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
        5⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
        5⤵
        
        PID:16196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        5⤵
        
        PID:18420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22849.exe
      4⤵
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43780.exe
        6⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        6⤵
        
        PID:17380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        6⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
        5⤵
        
        PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50695.exe
        5⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        5⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        5⤵
        
        PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64371.exe
      4⤵
      PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61378.exe
      4⤵
      PID:10660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59511.exe
      4⤵
      PID:15128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62508.exe
      4⤵
      PID:3024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        6⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        7⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39978.exe
        7⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40415.exe
        7⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        6⤵
        
        PID:9948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
        6⤵
        
        PID:14048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        6⤵
        
        PID:17192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
        6⤵
        
        PID:16604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        6⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52275.exe
        6⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
        6⤵
        
        PID:16624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        6⤵
        
        PID:17440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        6⤵
        
        PID:16708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12481.exe
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4618.exe
        5⤵
        
        PID:13488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19497.exe
        5⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
        5⤵
        
        PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
      4⤵
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
        5⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
        6⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29558.exe
        7⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        7⤵
        
        PID:17244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        6⤵
        
        PID:15956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
        6⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54579.exe
        5⤵
        
        PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30021.exe
        5⤵
        
        PID:12736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28013.exe
        5⤵
        
        PID:17732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50975.exe
        5⤵
        
        PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56587.exe
      4⤵
      PID:7916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
      4⤵
      PID:11060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
      4⤵
      PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24791.exe
      4⤵
      PID:16880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
      4⤵
      PID:4572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57760.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
        5⤵
        
        PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
        5⤵
        
        PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        5⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        5⤵
        
        PID:16060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16060 -s 468
        6⤵
        Program crash
        
        PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16182.exe
      4⤵
      PID:7220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23303.exe
      4⤵
      PID:11140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62206.exe
      4⤵
      PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
      4⤵
      PID:15684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
    3⤵
    PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22452.exe
      4⤵
      PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
      4⤵
      PID:10360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
      4⤵
      PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
      4⤵
      PID:5604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
    3⤵
    PID:7988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
    3⤵
    PID:11796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60344.exe
    3⤵
    PID:15724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45985.exe
    3⤵
    PID:15684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40406.exe
    3⤵
    PID:2352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55943.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55943.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1719.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39924.exe
        5⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
        6⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        7⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39978.exe
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        7⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
        6⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        6⤵
        
        PID:17960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2387.exe
        6⤵
        
        PID:16664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        6⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9933.exe
        5⤵
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63715.exe
        5⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
        5⤵
        
        PID:860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41246.exe
      4⤵
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46855.exe
        6⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        6⤵
        
        PID:17292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
        6⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
        5⤵
        
        PID:9444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
        6⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
        6⤵
        
        PID:16992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27149.exe
        5⤵
        
        PID:13812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2890.exe
        5⤵
        
        PID:17148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
        5⤵
        
        PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
      4⤵
      PID:8244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61859.exe
      4⤵
      PID:11420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48668.exe
      4⤵
      PID:15504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        5⤵
        
        PID:8468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44062.exe
        5⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        5⤵
        
        PID:16396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
      4⤵
      PID:8360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
      4⤵
      PID:13108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
      4⤵
      PID:16240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29210.exe
      4⤵
      PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
      4⤵
      PID:3040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
    3⤵
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
      4⤵
      PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51943.exe
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe
        5⤵
        
        PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
      4⤵
      PID:9584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
      4⤵
      PID:13984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14758.exe
      4⤵
      PID:17280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
      4⤵
      PID:5656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
    3⤵
    PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
      4⤵
      PID:11992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
      4⤵
      PID:16176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
    3⤵
    PID:9928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
    3⤵
    PID:14356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44636.exe
    3⤵
    PID:17140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5041.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5041.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
      4⤵
      PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
        6⤵
        
        PID:13836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
        6⤵
        
        PID:17184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28475.exe
        6⤵
        
        PID:17604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        5⤵
        
        PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
        5⤵
        
        PID:14000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        5⤵
        
        PID:16536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
      4⤵
      PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50272.exe
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        5⤵
        
        PID:14552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
      4⤵
      PID:10956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe
      4⤵
      PID:14376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23486.exe
      4⤵
      PID:17416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65352.exe
      4⤵
      PID:1944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
    3⤵
    PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe
      4⤵
      PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
        5⤵
        
        PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
        5⤵
        
        PID:16212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15082.exe
      4⤵
      PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
      4⤵
      PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
      4⤵
      PID:17116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
    3⤵
    PID:7060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32844.exe
      4⤵
      PID:15112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14454.exe
    3⤵
    PID:8668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
    3⤵
    PID:13832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
    3⤵
    PID:18420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
    3⤵
    PID:17288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
    3⤵
    PID:1940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
    3⤵
    PID:5628
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 632
      4⤵
      Program crash
      PID:6504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
    3⤵
    PID:7452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33773.exe
    3⤵
    PID:10628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
    3⤵
    PID:15144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
    3⤵
    PID:16676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16495.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16495.exe
  2⤵
  PID:5444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
    3⤵
    PID:6904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3235.exe
      4⤵
      PID:8720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
      4⤵
      PID:12436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30813.exe
      4⤵
      PID:17740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
    3⤵
    PID:10164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
    3⤵
    PID:13516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
    3⤵
    PID:16492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
    3⤵
    PID:18420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
  2⤵
  PID:7184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
  2⤵
  PID:10420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
  2⤵
  PID:14728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
  2⤵
  PID:17436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1972 -ip 1972
1⤵
PID:408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5312 -ip 5312
1⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 5320 -ip 5320
1⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5296 -ip 5296
1⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 5628 -ip 5628
1⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6236 -ip 6236
1⤵
PID:16040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 16060 -ip 16060
1⤵
PID:2044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3416 -ip 3416
1⤵
PID:17976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 8616 -ip 8616
1⤵
PID:5704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe

Filesize
184KB

MD5
3a708c7ed665d5670ff3171ad4c08e93

SHA1
6baf28fe70b2170d8554e9f84d06a9d85da6f1ed

SHA256
ef8ca5486ce9bc91d755a79b95c7e48db8eab017b7ad6890794c0c57caddb2dc

SHA512
3e2de9ac22eb1e2f812b7ce925c3ed358d12749e71cfe242f7412d6ce3141c828de13e78122a889e5e7c9f9f308568dbb0412a0c0163325e082810499246249e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe

Filesize
184KB

MD5
0e53b39c2cb966a86c5fde33f1f66f9e

SHA1
3350983af3b1f9aeeffc8181e35d2b98a540d865

SHA256
f3049a694250cdee50525984fa467c108a4c7fb7484c8338c3bf0b924ce31893

SHA512
71f4e9395ecc850bfce87df3b90dafbf3de1f3ee5e9f5e3d71eaeec57d580a9cae24b894c8748ef55234745d1ffeffa8d516070a0c48decc37a45c89532fd66b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe

Filesize
184KB

MD5
a305fc14d98b1dfb6ca569d150f7dd03

SHA1
0a7ad73c9e6633f8b8c571f69f02027b2040ebf5

SHA256
ece4f3837a949181b37c705adb2104cad62030b010323281441a84bbd222ace3

SHA512
2d19b3144599733e28b229a82a8a7b896f5548186907473a780d8a59d677b65fa7ea276e185a401f5fe09ad5812523a0748c1ac43e9f5213c087eb64d8f8b022

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15840.exe

Filesize
184KB

MD5
e95f42f630143af2f787b11c33345182

SHA1
37eb4d642f003aed639f43f8cbe4f74abce2d751

SHA256
0b41c1ec7949e73dbca9cd23bcda7c3cd3396deaa11ba8928fffa8cc520da920

SHA512
5603af4f7aadf1c94d6509ed5edb93b04bb45deae12238f7b621b461535e6b58065b5bb42e9bb148318c6bd4d77279e0aca69826bb60e687918e2451622fc072

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe

Filesize
184KB

MD5
64d56a20638ed577b8f455429edfe2f3

SHA1
76b5afd8f31e3f1b838a713125ae594702c6871d

SHA256
68a75703cead14482a3839af4f906eb86b89b24a2bb803531d4715c69b694be7

SHA512
5af505ac8367c3a00fef9fb0a28403283442ea5d7f08a6ac0ce216596321dc8498b7cfb46a3bb716d66eb7043e9163f3c84aae9294e899582f8073129170593e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1719.exe

Filesize
184KB

MD5
c8342e13bc4f2db0d64e3066c744853b

SHA1
019b4a50be7c7a2442515b884c0d9f6fada040d8

SHA256
27e9dbd59df89a0f433146cd18afbf533a7c07023536e62f4e22e1aaa67a5038

SHA512
09f0aca8b15c803b774cfdfe9c65ab07a0a113e131e0439259f7e32631400e963503c94556eb187b691348c6982619ea4a21ea738685736c7f9eb91aa15d0d6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17428.exe

Filesize
184KB

MD5
a6ff474022f9cd63cec1013d30abb783

SHA1
a92be03998f13b0374b0a188c0b70a3ad2f5ab60

SHA256
391a0e73cc63af71d62057a3b5e9817bc7fe86440eb9c14a854dc9187f2feaa3

SHA512
5eabc1fe29f0d63c61ea7fe5df17716d1bde5a32b40345719570b411e14bb87136fb6de67088640806835d91df3d0b3b3bb7532c0f238f4dff5cd94b5edaf61c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe

Filesize
184KB

MD5
baa7c9d388f84f8c6bd5f48977fea0d2

SHA1
85d7a7f3a0977e424b01bd02377b2c4d02b69602

SHA256
67c7a58307581bed34d95f016dbacd4eb5b5928e307e6fcac52b3aa79f4ea960

SHA512
1bd1baf69bb016477230fa8e5c4185a1506ae60bb9c1ba8cfa0c0e323a19e1cc2043aa2d619ab85b0b4a42a20301a3d61d48064ac8f587e3cdea5994210281a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe

Filesize
184KB

MD5
3bf73bb88c71e4f5478f12856223385f

SHA1
c14875c79726c01c2b7246eda8914f5440e57091

SHA256
788fb60ab2e4fde32915ee888a70178aefec814c57bf9e666bd88b3234b47f2e

SHA512
8394e6fbc348b4942bb9045f308c42895b5c237edf1886b60357855c6f85fa47d390a938812a96337429adb471d10a9ac237d057321557ed9633174a6d7967fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23706.exe

Filesize
184KB

MD5
00b0a6891f2415b37570d2df3808b655

SHA1
f2cd2c80b891101eee3f4b76b3b82d12013384e2

SHA256
57b868455f85cb500c28e8653beff3cddae6ba3f095f4a69052ea0359ad2965f

SHA512
0af7e417ed77eedaf4630d16beec2feb4ca4fe35a1d9b6b416e1e829d35b4efde0945f6f33481466f8445a03baf2de177bf0cb5a4259b73f56b05c346839a1b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe

Filesize
184KB

MD5
2063041e4874e9c7226c2dd1d32b15c7

SHA1
192f877ace034021e29213814f1bf251ae11bb8f

SHA256
e3a0899e28c18346dcbfed0b6f4e01386971f950f8b6de81af6cab254ba3d2bf

SHA512
fe09e5c510d6640a82eefcb1e448bc4294d8e73cf55ec2cd84e308e73a3eb301520401f0c910cf620bed1d6b7c90f1d7067fe6682241363dc4d8945cc6bb690f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe

Filesize
184KB

MD5
d857cf2257334551db379076cde57868

SHA1
3a05971b76fd3e09983da290f1414ab8db1625b4

SHA256
91370ca291a8f969725fe119287e42b1ad139f2e738f457ec5c30a5a8b8e8dc9

SHA512
a4d980bc0b9d15bb229864c058d2b9bb3f31aa9284b370441eeeb1e461bd3d3cab27adeee7bad8cd826c1c5be22d72dabd6e6cc01f5a5633c01d62bf7e106882

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe

Filesize
184KB

MD5
5f01ba8f0ac192d875fe5793e301e9d5

SHA1
5d7799d1be6d829937c5c27186e346417764b984

SHA256
1dcd5899d9901c461a917d0b6f1fba4ce1fb313a54cf503ed0382357ab2dd4bb

SHA512
3f97df77a329d8307ed0d9e3839f56aee046e2bbd9f455916c9380a7ca6973d7a79f967b3f58f195e192a3392d9f4c15026b60b56c872d0ec4a2ab6fc026b6c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30326.exe

Filesize
184KB

MD5
c4906b07e6743d60f429f1c4ff2205ad

SHA1
17d11fc3e4174aebb5e23bd32a3769ba4a39573f

SHA256
a402292c3e790851337d95478b09d2113b38705a2693883fcb2f54b1cd4ccea9

SHA512
b6037f7338462729ed0c68ef4b280f4fdcad87ad5f898d468aaa1d59086cc6ad2b8f38eb0c015a0affda273b758578ab00f8169e953990478f60743294e06deb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe

Filesize
184KB

MD5
44b9d6ef04fd23138f61b8256064e720

SHA1
d7f6114306cf39c667d43a717ac7a5aadc8acabb

SHA256
f8960855a0dde23865af8302cf880dff1b7a5f80765f035181b721c8c6442b73

SHA512
bd12229a181b8aafd0be7034fc4d38fb9e72f3a87ab66ee75d5c01d6044b527c192cdabc0ad78ad352f99ee43bd0cb9a9aafb2467ddd5c4942876ef15890eed2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe

Filesize
184KB

MD5
871e8e4be62fe4609a3a2e57222e44cb

SHA1
3e021e2bf8da3141d3be7b764884cbfd8cb42faf

SHA256
7216a2e871554425392b46dbdf424a2bb983d131eebc55f207adbf87c4c792ea

SHA512
c21f652e48b9826401a57e47b0a56e45daab6dd3e5df7019c8d330f40b5c4efd9825582e5f4a9c3c7ac7c3c67e4b71ca740c1f181188235799bf13d31f840844

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe

Filesize
184KB

MD5
a7d44fa7a2627daaa25095cdfcef1a2d

SHA1
8c34efdc2e612a5fd60a22e0b065608a4a54cea7

SHA256
41d5d34d7798638743360107f0ff9f113cfffc4035c34a76227446994ac082e3

SHA512
12053400e6c719575e29600593ec41920e7ac8864d685c0e3a3de85a33aa573d00f22e5d182f0748037030f165037c2b66da824207504a9e3c9c5a8460991943

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39488.exe

Filesize
184KB

MD5
647ed9b40689579680f299aa12868ed4

SHA1
01739a81685e0353675eb50beb2c7c708749e326

SHA256
fd55a7c44ea07010a6279344f06607e9b303b3d9dfe316852f2a3afde0e87145

SHA512
185e2f53f5573099382449a25ec06ee4d0d4aff12bba15a924b1b5d2b34c087b68a48da1782e3723f066086db08521e24f8a2b8f363db3d36f70fafbc318b1af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40080.exe

Filesize
184KB

MD5
8aab92b1b7a89de451f099a6410d4fbc

SHA1
f5eff638b48b7a712e107e7c3cce1f35f348fdb6

SHA256
2a65ad21bc9b0b1deb52ba32006163a792693ce561b2459fd57069746469841c

SHA512
7d51a7285b0456d54b500d7801d369dc0ae2f838bec25b7e58b74dbe5d023e968f913562eaebb8378cb4090fe9a38efb86fb8c4139aafffc6503eccea6833e62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe

Filesize
184KB

MD5
48d66076a8259d604ca461e77bfaf081

SHA1
f0958ccde81f08f7c29a4519fbb35c61dbd8139d

SHA256
1cdd44b08644eb68afe9828b60157dde6a7dfaf235aac71ab07544b4a2841d7b

SHA512
838951d1ee2504d8cac845bd6923f8ad4fa890ec1665234c2a42c93c09347d6a83ac395f1b2ba2578e95e276b8355b94cb313dd810eedc7dfee6f9d909f58efd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe

Filesize
184KB

MD5
de74c8b79ab9b547cd680252be5b3e11

SHA1
ab8c8201437f40e5290438eb7d68190128826686

SHA256
0020afeca1c722dda2821f8eaeff3bdb3f1665c130643b3c18b44bfdf37013d7

SHA512
a4febefe03d094297f6f06a6d993c953a426e70f6fe39a3f8ec37ad075f1d26ea36dbeef94a05ef5e4f9a4318ee10d0a22671f40e77fea8abb5cc440b7dc50cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45492.exe

Filesize
184KB

MD5
7728b01b7ba5d958e6f3155f5c59b346

SHA1
16c90027b1e0a72f3bdd43cf6175adf8c52e0368

SHA256
95961e6cd642b4a0abcb6e3a60a4fbe283db7ea8a07fcd97a5e9bb7ba4176f89

SHA512
cb5aa58208c8b2d8fa3033c62a3fca38551fb7dee3979616c6df8852d6b3e3882396413e1e87140c43f4002e43de10c37f3eb817e93c140f2b86a653574554f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe

Filesize
184KB

MD5
57b0c20a0a897f3e842be2a3fc63b5f9

SHA1
ab2232f2dc7b0b44b0a822c00cc9261c29a85a33

SHA256
915bfc50c9da2cf030583edb9e07c4df31855c3d82f555dcb8766a392c37f33e

SHA512
efb25567f285a01a28c7680b86ab0fc0c17b79739f2580325630523b19740fd3f14d55e1987beac25fbef6f605a2f4c83b47a134be29fd6790724d5d076d8deb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe

Filesize
184KB

MD5
66e63d652da895f5f0f0e9f1c7ddb927

SHA1
2e9d6a0436550a7af9ffb166e7df45f0453fd82a

SHA256
da99e875482fab9ba6a1121cb8eaee99d00bc8f6c2d703be28341aa7254aa705

SHA512
1b394d182cc18d5c431bafb7c920f1cc21ab0fbae467b0308649dddfdc250cf81f13eb417ce730b13b09b9cef46a82d92c3c272e5140eb3447ba9f7da58f963d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe

Filesize
184KB

MD5
ad4b2f8df1376e700471dbbce243eaf8

SHA1
95f8f19c22bba5259f8f88ca7ac131ecd29b7842

SHA256
ee844ed907349854016cb30c3d6f869009239467e0b95041a249717b8dfd6e9d

SHA512
8fc3cd6c92914edd8d8e866df97ead0642c591f3557c518680975461d84502bf21ecfadab1d7d393a6e71ce332b100fad16da3a300b29dc0f29330af5facad48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5041.exe

Filesize
184KB

MD5
e9da2629dcc0669620841ec2333488da

SHA1
12c95fac18e6d5892117bd5b20426faa92e42366

SHA256
22e9e5fa201bc0c39c1fda2fd8753b858c19cec7d9ea24502342ed6b49854345

SHA512
ea5a62360eff27c1c99b6bbea62ff23a3240c7a7bedb91ba55ea8c0437d23c94caa009c93e1eeb3883bb0ee7bab85af2f3230e5290ec4938964b66b9f7676d0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50451.exe

Filesize
184KB

MD5
0668a14cae00cb44a53a59219e9c73c3

SHA1
2dae1267ca606f7cf71624e694621cc90fd31c77

SHA256
425c4f855af50d2376f9dc101d03d3ce6d088c41d40d5e7f4cb969934dd0f3d7

SHA512
4d2e6df5a30944ec23a9df87327de2e727cee3dab2430024132f5ec6c48489732482fea3d2f8416867411fed868b1803f2cdcb2fde5d713d378297a72cf20fda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51943.exe

Filesize
184KB

MD5
fb7b8cca2e7409687bd5b095a34d6efa

SHA1
e6dda3ffe4c59b6360c50815e3408a49943aed34

SHA256
a92ff3b1d64474cbbb3354e945fd5f1b05225b77bded31b6bfd8a96475057d14

SHA512
910232c22431203d4f64880494da96a0494c944f689c689d10d9398685ebb5402fe9f9ea677db979902c28de3897f4f7381c66bbfaa7bd576504981ec25271fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe

Filesize
184KB

MD5
5659d6dc9a14a3d44454ec9ba18598c2

SHA1
e5e16b961a14d021a0fa0165e172e622ee633d00

SHA256
4bcd0c9806c296c16fd8a49707cf328ed78af0483431c4cde3e810a32c362007

SHA512
3564a407bfae58715a2359aa07f31fa6f29ef97f7207c0793f786b947afffd82955da0b2f9eb766f926a87d8fcae7b626d6ad688e64b119b531244ea0123e80e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55943.exe

Filesize
184KB

MD5
b4c0a26010870e0acfc69c452665efc7

SHA1
96e898424aaae0ae10ab6856927b316dae575b4a

SHA256
d9656b7c4f57630c75d57ed9bf03a8ace6f24adc89ed5bef37be2a16d8f65644

SHA512
23817a8a54dfcff39a74274f79988209c6064c1f3b513a5b80cc87f7fd61c5a6a40e0fd20d6fd065de6fa26e913ffda0f18567ab27f6f1d5b3c9122055424f7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57023.exe

Filesize
184KB

MD5
9804fdbccde17a06538a097e692dc748

SHA1
70e64509973d69518d0628b9490c19ddbd0acd69

SHA256
c5a9b7750c1fe8d4b67b84719ad2716cc8a0497566e58fe429ab5799cccfb458

SHA512
bf8560512173b71c0543894938328b67ca442aeda4e19a0d8742aa9b0079de1584361b50b9f074445941033d2de881f8aebbc443861e5834c25ea4b35fc5e61e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe

Filesize
184KB

MD5
e9d6190f4e895fd66cf881c019e4cbd4

SHA1
9012301830b10de0dd2262936fd77e74c1227512

SHA256
ca1fc00300838359a4e10c7ec3479aeba7799ff6454efd6e55620174285a0da6

SHA512
baff89c93c00803b2cdeb99c5ae603c027c48eb5019f3b665b16d035c104d9e097b51a8439e7809476cea6c955e96ebec4478d8bbc58e750e423b91cdc955f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5730.exe

Filesize
184KB

MD5
f8975324b6849e644b713edf6cb36d54

SHA1
107dfa291cc3ea6357f2fa48f02e833c2fb8f740

SHA256
2bf77afab189972364cd27880a2c4084900f0d27abc8aec4bead702f3f523786

SHA512
dab2857eeecae61e8d4be89f649360b7a97ada665c7cc3a4b5d03900c509b54cc796aa3a87ce5e4d04562c5d8c24d4ad64794ae8f94f92f456068bc6b8ceeac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe

Filesize
184KB

MD5
9d56d9e8126d16b39bed875f9a10802f

SHA1
c56d677452af92e3d5e7fd75b034a7cd6ec90357

SHA256
4a2aeed6922828c8c7c406555ba8b3888b01a3bceeb264cfb27a020f8cac263e

SHA512
fbf40a2b305b5ea194876d91e5149308a660f81d5178ae7fdbff75624fc7c15e9dd3c94fe22dbde39322613c56ff64b1376a0b22c65dfc5ebb6ea8c4c5f7254e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe

Filesize
184KB

MD5
fa608bd30179ee33dbea26294262bf61

SHA1
aa26bcfea7f6adeaf99c582822e385a567015bda

SHA256
aacb2087c65a9abb7652af073ee4bf8b824ac0c176f61874226a484ed2ad8085

SHA512
4121837e3d43fabe753edea3e807a1cbc90eb3fe003d51624ca77520896591daf89e59f000b7feed016070366de8854aabe9e8e63425e7b58fc9db3f30a8ea72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63172.exe

Filesize
184KB

MD5
f0d24096061da7975f00562f864be893

SHA1
d1e674446fc909dd7742356d9ca9a56397f07cdc

SHA256
185bf173d08e442448198ef46a2ac67a1918aa05f3470f6e86190e6ef4253d89

SHA512
ea45837ddb943c5911680cc0c5c2ade9588c1ed6b56318799cb646dc149971222a528089648592b4a6d93a8c932d3ba5832f658310071aeb39caf7430a265418

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7671.exe

Filesize
184KB

MD5
da279b07bb5afeea59c83391f2f2fcd3

SHA1
f56c62ec6e90e99cbb19cb99184b8dc5bf71a40f

SHA256
e9e7cb113f307da72ddbe9b22a4a9478135e751603a662341bea613d1ed32dd1

SHA512
1390f5a325e550e0bd9b394cadf2d5146d289107d79a88d3f5984e9ee59b0db755d102b32752e13a4b1fc895556c23de74a99c3d3d1a71a52300a18f4b6c1191

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe

Filesize
184KB

MD5
0286d951c49111b3ba98af840899a24a

SHA1
4698e488cf7cb4f82ee6a3558d1b0ef684c9ea33

SHA256
6625d7d0327eae38d59cd28c5a143dfbc27551280abb65778ff2090aaafad3ec

SHA512
6689d3a213b4820c0c11cbc32ec8a30c69887be95c45f6ea9a7e28e6755b978f478941bc1a30f6e38fd222065384479e2f8d08dd3036a81847aa5e5c77eee3c0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads