1c0109a8061ada95b7bc1f1962c7d8e653f445c86bb5531a79cf8580b00533ec

Analysis

max time kernel
120s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 04:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b5cf63bd29ee09fa08d9bfe94d63ff0N.exe
Size

468KB
MD5

7b5cf63bd29ee09fa08d9bfe94d63ff0
SHA1

0d2866992930d315cf2a37ff3a207a174b583b8c
SHA256

1c0109a8061ada95b7bc1f1962c7d8e653f445c86bb5531a79cf8580b00533ec
SHA512

1d97300993222813431c0e6b4c0ea903b168495f8edb020ffb49b921f5bec293d0eabf1bb34d8381decda11ee81ff81f3c100145cbd54bb20c24b755b7b4dc06
SSDEEP

3072:yu0Vo8AEIY5AtbY9zfHTff8w0ZhqPpphJEHCxVWfD+MLEAwueXlS:yueo1YAtSz/Tff9froD+mRwue

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3676	Unicorn-14508.exe
5096	Unicorn-29356.exe
2384	Unicorn-47508.exe
4504	Unicorn-27715.exe
3276	Unicorn-47581.exe
3420	Unicorn-14140.exe
512	Unicorn-19385.exe
2944	Unicorn-17805.exe
1852	Unicorn-14275.exe
4380	Unicorn-700.exe
4804	Unicorn-46564.exe
668	Unicorn-11290.exe
2044	Unicorn-17421.exe
1808	Unicorn-33492.exe
780	Unicorn-33757.exe
3228	Unicorn-53770.exe
4356	Unicorn-656.exe
3052	Unicorn-20522.exe
3224	Unicorn-36282.exe
4252	Unicorn-30151.exe
316	Unicorn-58518.exe
3304	Unicorn-22826.exe
2636	Unicorn-49560.exe
1960	Unicorn-31487.exe
4912	Unicorn-31487.exe
888	Unicorn-55114.exe
2596	Unicorn-14885.exe
2656	Unicorn-31487.exe
1108	Unicorn-46376.exe
5100	Unicorn-35440.exe
4516	Unicorn-9774.exe
4608	Unicorn-36416.exe
2204	Unicorn-50152.exe
5036	Unicorn-56282.exe
4748	Unicorn-39562.exe
3804	Unicorn-34775.exe
3408	Unicorn-24570.exe
2348	Unicorn-40714.exe
4468	Unicorn-56209.exe
4320	Unicorn-56209.exe
3036	Unicorn-18933.exe
1636	Unicorn-2862.exe
1468	Unicorn-39488.exe
3468	Unicorn-58970.exe
3444	Unicorn-47766.exe
4508	Unicorn-42250.exe
4240	Unicorn-28218.exe
2324	Unicorn-8352.exe
32	Unicorn-44938.exe
3136	Unicorn-20469.exe
3352	Unicorn-21703.exe
1140	Unicorn-35431.exe
100	Unicorn-18896.exe
3844	Unicorn-38232.exe
208	Unicorn-24496.exe
3284	Unicorn-42773.exe
1056	Unicorn-62639.exe
2896	Unicorn-55130.exe
2404	Unicorn-55130.exe
2224	Unicorn-21690.exe
464	Unicorn-18544.exe
1256	Unicorn-38145.exe
1628	Unicorn-32279.exe
4828	Unicorn-63023.exe

Program crash 18 IoCs

pid	pid_target	Process	procid_target
7748	4216	WerFault.exe	152
8432	1956	WerFault.exe	157
8376	4216	WerFault.exe	152
10168	5988	WerFault.exe	213
11444	5980	WerFault.exe	212
11784	5996	WerFault.exe	214
13244	5448	WerFault.exe	225
11228	5988	WerFault.exe	213
13756	6936	WerFault.exe	284
14252	7236	WerFault.exe	312
16036	7144	WerFault.exe	293
6940	14060	WerFault.exe	727
17256	14000	WerFault.exe	911
5980	8628	WerFault.exe	440
16380	7144	WerFault.exe	293
17028	7232	WerFault.exe	821
19124	7432	Process not Found	1268
19116	11116	Process not Found	521

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5220	Process not Found
Token: SeChangeNotifyPrivilege	5220	Process not Found
Token: 33	5220	Process not Found
Token: SeIncBasePriorityPrivilege	5220	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5072	7b5cf63bd29ee09fa08d9bfe94d63ff0N.exe
3676	Unicorn-14508.exe
5096	Unicorn-29356.exe
2384	Unicorn-47508.exe
3276	Unicorn-47581.exe
4504	Unicorn-27715.exe
3420	Unicorn-14140.exe
512	Unicorn-19385.exe
2944	Unicorn-17805.exe
1852	Unicorn-14275.exe
780	Unicorn-33757.exe
4380	Unicorn-700.exe
2044	Unicorn-17421.exe
4804	Unicorn-46564.exe
1808	Unicorn-33492.exe
668	Unicorn-11290.exe
3228	Unicorn-53770.exe
4356	Unicorn-656.exe
3052	Unicorn-20522.exe
3224	Unicorn-36282.exe
4252	Unicorn-30151.exe
316	Unicorn-58518.exe
1108	Unicorn-46376.exe
2636	Unicorn-49560.exe
4912	Unicorn-31487.exe
2656	Unicorn-31487.exe
5100	Unicorn-35440.exe
3304	Unicorn-22826.exe
888	Unicorn-55114.exe
1960	Unicorn-31487.exe
2596	Unicorn-14885.exe
4516	Unicorn-9774.exe
4608	Unicorn-36416.exe
2204	Unicorn-50152.exe
5036	Unicorn-56282.exe
4748	Unicorn-39562.exe
3804	Unicorn-34775.exe
3408	Unicorn-24570.exe
4468	Unicorn-56209.exe
4320	Unicorn-56209.exe
3036	Unicorn-18933.exe
1636	Unicorn-2862.exe
1468	Unicorn-39488.exe
3468	Unicorn-58970.exe
3444	Unicorn-47766.exe
4508	Unicorn-42250.exe
2324	Unicorn-8352.exe
4240	Unicorn-28218.exe
3136	Unicorn-20469.exe
3352	Unicorn-21703.exe
1140	Unicorn-35431.exe
3844	Unicorn-38232.exe
32	Unicorn-44938.exe
208	Unicorn-24496.exe
100	Unicorn-18896.exe
3284	Unicorn-42773.exe
1056	Unicorn-62639.exe
2896	Unicorn-55130.exe
2404	Unicorn-55130.exe
2224	Unicorn-21690.exe
464	Unicorn-18544.exe
1256	Unicorn-38145.exe
1628	Unicorn-32279.exe
4828	Unicorn-63023.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 3676	5072	7b5cf63bd29ee09fa08d9bfe94d63ff0N.exe	86
PID 5072 wrote to memory of 3676	5072	7b5cf63bd29ee09fa08d9bfe94d63ff0N.exe	86
PID 5072 wrote to memory of 3676	5072	7b5cf63bd29ee09fa08d9bfe94d63ff0N.exe	86
PID 3676 wrote to memory of 5096	3676	Unicorn-14508.exe	87
PID 3676 wrote to memory of 5096	3676	Unicorn-14508.exe	87
PID 3676 wrote to memory of 5096	3676	Unicorn-14508.exe	87
PID 5072 wrote to memory of 2384	5072	7b5cf63bd29ee09fa08d9bfe94d63ff0N.exe	88
PID 5072 wrote to memory of 2384	5072	7b5cf63bd29ee09fa08d9bfe94d63ff0N.exe	88
PID 5072 wrote to memory of 2384	5072	7b5cf63bd29ee09fa08d9bfe94d63ff0N.exe	88
PID 3676 wrote to memory of 4504	3676	Unicorn-14508.exe	89
PID 3676 wrote to memory of 4504	3676	Unicorn-14508.exe	89
PID 3676 wrote to memory of 4504	3676	Unicorn-14508.exe	89
PID 5096 wrote to memory of 3276	5096	Unicorn-29356.exe	90
PID 5096 wrote to memory of 3276	5096	Unicorn-29356.exe	90
PID 5096 wrote to memory of 3276	5096	Unicorn-29356.exe	90
PID 2384 wrote to memory of 3420	2384	Unicorn-47508.exe	91
PID 2384 wrote to memory of 3420	2384	Unicorn-47508.exe	91
PID 2384 wrote to memory of 3420	2384	Unicorn-47508.exe	91
PID 5072 wrote to memory of 512	5072	7b5cf63bd29ee09fa08d9bfe94d63ff0N.exe	92
PID 5072 wrote to memory of 512	5072	7b5cf63bd29ee09fa08d9bfe94d63ff0N.exe	92
PID 5072 wrote to memory of 512	5072	7b5cf63bd29ee09fa08d9bfe94d63ff0N.exe	92
PID 3276 wrote to memory of 2944	3276	Unicorn-47581.exe	93
PID 3276 wrote to memory of 2944	3276	Unicorn-47581.exe	93
PID 3276 wrote to memory of 2944	3276	Unicorn-47581.exe	93
PID 5096 wrote to memory of 1852	5096	Unicorn-29356.exe	94
PID 5096 wrote to memory of 1852	5096	Unicorn-29356.exe	94
PID 5096 wrote to memory of 1852	5096	Unicorn-29356.exe	94
PID 4504 wrote to memory of 4380	4504	Unicorn-27715.exe	95
PID 4504 wrote to memory of 4380	4504	Unicorn-27715.exe	95
PID 4504 wrote to memory of 4380	4504	Unicorn-27715.exe	95
PID 2384 wrote to memory of 4804	2384	Unicorn-47508.exe	96
PID 2384 wrote to memory of 4804	2384	Unicorn-47508.exe	96
PID 2384 wrote to memory of 4804	2384	Unicorn-47508.exe	96
PID 3676 wrote to memory of 668	3676	Unicorn-14508.exe	97
PID 3676 wrote to memory of 668	3676	Unicorn-14508.exe	97
PID 3676 wrote to memory of 668	3676	Unicorn-14508.exe	97
PID 3420 wrote to memory of 2044	3420	Unicorn-14140.exe	98
PID 3420 wrote to memory of 2044	3420	Unicorn-14140.exe	98
PID 3420 wrote to memory of 2044	3420	Unicorn-14140.exe	98
PID 5072 wrote to memory of 1808	5072	7b5cf63bd29ee09fa08d9bfe94d63ff0N.exe	99
PID 5072 wrote to memory of 1808	5072	7b5cf63bd29ee09fa08d9bfe94d63ff0N.exe	99
PID 5072 wrote to memory of 1808	5072	7b5cf63bd29ee09fa08d9bfe94d63ff0N.exe	99
PID 512 wrote to memory of 780	512	Unicorn-19385.exe	100
PID 512 wrote to memory of 780	512	Unicorn-19385.exe	100
PID 512 wrote to memory of 780	512	Unicorn-19385.exe	100
PID 2944 wrote to memory of 3228	2944	Unicorn-17805.exe	101
PID 2944 wrote to memory of 3228	2944	Unicorn-17805.exe	101
PID 2944 wrote to memory of 3228	2944	Unicorn-17805.exe	101
PID 3276 wrote to memory of 4356	3276	Unicorn-47581.exe	102
PID 3276 wrote to memory of 4356	3276	Unicorn-47581.exe	102
PID 3276 wrote to memory of 4356	3276	Unicorn-47581.exe	102
PID 1852 wrote to memory of 3052	1852	Unicorn-14275.exe	103
PID 1852 wrote to memory of 3052	1852	Unicorn-14275.exe	103
PID 1852 wrote to memory of 3052	1852	Unicorn-14275.exe	103
PID 780 wrote to memory of 3224	780	Unicorn-33757.exe	104
PID 780 wrote to memory of 3224	780	Unicorn-33757.exe	104
PID 780 wrote to memory of 3224	780	Unicorn-33757.exe	104
PID 5096 wrote to memory of 4252	5096	Unicorn-29356.exe	105
PID 5096 wrote to memory of 4252	5096	Unicorn-29356.exe	105
PID 5096 wrote to memory of 4252	5096	Unicorn-29356.exe	105
PID 512 wrote to memory of 316	512	Unicorn-19385.exe	106
PID 512 wrote to memory of 316	512	Unicorn-19385.exe	106
PID 512 wrote to memory of 316	512	Unicorn-19385.exe	106
PID 4804 wrote to memory of 3304	4804	Unicorn-46564.exe	107

C:\Users\Admin\AppData\Local\Temp\7b5cf63bd29ee09fa08d9bfe94d63ff0N.exe
"C:\Users\Admin\AppData\Local\Temp\7b5cf63bd29ee09fa08d9bfe94d63ff0N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47581.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9774.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21514.exe
        9⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63073.exe
        10⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe
        11⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
        11⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55240.exe
        10⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        10⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38205.exe
        9⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53706.exe
        10⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
        9⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        9⤵
        
        PID:17088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
        9⤵
        
        PID:17176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15097.exe
        9⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21082.exe
        10⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        11⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe
        11⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16391.exe
        11⤵
        
        PID:16480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        10⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
        9⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
        9⤵
        
        PID:15460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31937.exe
        9⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
        8⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13431.exe
        8⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-901.exe
        8⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        8⤵
        
        PID:16852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42773.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37850.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47121.exe
        9⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3785.exe
        10⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        10⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe
        10⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        9⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        9⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39829.exe
        8⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        9⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
        9⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        8⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        8⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        7⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62767.exe
        8⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        9⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        9⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47153.exe
        8⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        8⤵
        
        PID:17240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
        7⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        8⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        8⤵
        
        PID:17260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
        8⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        7⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        7⤵
        
        PID:17332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        7⤵
        
        PID:17160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36416.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
        8⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28938.exe
        9⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        10⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        10⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        10⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9493.exe
        9⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
        9⤵
        
        PID:14624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
        9⤵
        
        PID:16892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55009.exe
        8⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46010.exe
        9⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
        8⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5680.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
        8⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        9⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57979.exe
        10⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        9⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
        8⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        8⤵
        
        PID:17220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24151.exe
        8⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        7⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
        8⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41280.exe
        8⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe
        8⤵
        
        PID:16628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50550.exe
        7⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3575.exe
        7⤵
        
        PID:15744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
        7⤵
        
        PID:16904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14718.exe
        8⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        9⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        9⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64061.exe
        9⤵
        
        PID:16984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
        9⤵
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
        8⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        8⤵
        
        PID:17264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
        8⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2928.exe
        7⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
        8⤵
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        7⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        7⤵
        
        PID:16948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
        6⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
        8⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        8⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        8⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
        8⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        7⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1189.exe
        7⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
        7⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
        6⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        7⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
        7⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        7⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25349.exe
        6⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
        6⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        6⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56282.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19904.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62767.exe
        8⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
        9⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35488.exe
        9⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 464
        10⤵
        Program crash
        
        PID:17028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
        8⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44904.exe
        7⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        8⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        9⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe
        9⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        8⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        7⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        7⤵
        
        PID:14724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37002.exe
        8⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
        9⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        9⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
        9⤵
        
        PID:17324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        9⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
        8⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        8⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        8⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29543.exe
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        8⤵
        
        PID:13892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
        7⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
        7⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
        6⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7728.exe
        7⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
        8⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60221.exe
        8⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22096.exe
        7⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        7⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11760.exe
        6⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
        7⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
        7⤵
        
        PID:16512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-549.exe
        7⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        6⤵
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        6⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34775.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
        7⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        8⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
        9⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        9⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        8⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7481.exe
        8⤵
        
        PID:16240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27183.exe
        8⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44685.exe
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
        7⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15690.exe
        8⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        9⤵
        
        PID:14392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1941.exe
        8⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53864.exe
        8⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5242.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46001.exe
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27519.exe
        8⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
        7⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        7⤵
        
        PID:16156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22615.exe
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5705.exe
        7⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        8⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        7⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        7⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29888.exe
        6⤵
        
        PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        5⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
        7⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
        8⤵
        
        PID:11116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 636
        6⤵
        Program crash
        
        PID:7748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 636
        6⤵
        Program crash
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47773.exe
        5⤵
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28938.exe
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31023.exe
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39067.exe
        7⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49224.exe
        6⤵
        
        PID:15336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49408.exe
        5⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        6⤵
        
        PID:12212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        5⤵
        
        PID:8432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21690.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        8⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        9⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30986.exe
        10⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        9⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48648.exe
        9⤵
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
        8⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
        9⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
        9⤵
        
        PID:16508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
        8⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        8⤵
        
        PID:17080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38544.exe
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
        8⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
        8⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22423.exe
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        7⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19162.exe
        8⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 680
        8⤵
        Program crash
        
        PID:16036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 680
        8⤵
        Program crash
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        7⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49224.exe
        7⤵
        
        PID:15976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
        6⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
        7⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        6⤵
        
        PID:11920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        6⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54575.exe
        6⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35546.exe
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
        8⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
        9⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe
        8⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
        7⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        7⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        6⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39466.exe
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20325.exe
        7⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17943.exe
        6⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        6⤵
        
        PID:13184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40936.exe
        5⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51761.exe
        7⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37422.exe
        8⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        7⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11946.exe
        7⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
        6⤵
        
        PID:15200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19824.exe
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33120.exe
        6⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
        6⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11946.exe
        6⤵
        
        PID:16204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
        5⤵
        
        PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
        5⤵
        
        PID:14616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
        5⤵
        Executes dropped EXE
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        6⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        8⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        9⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 636
        8⤵
        Program crash
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
        8⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        7⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        7⤵
        
        PID:16904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        7⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        6⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        7⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53706.exe
        8⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12064.exe
        8⤵
        
        PID:13272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        7⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        7⤵
        
        PID:17032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39960.exe
        6⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
        5⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40538.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39061.exe
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        7⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        7⤵
        
        PID:16920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        7⤵
        
        PID:16148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32337.exe
        6⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38044.exe
        6⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe
        6⤵
        
        PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3847.exe
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31242.exe
        6⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61562.exe
        7⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35488.exe
        7⤵
        
        PID:16500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
        6⤵
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        6⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
        5⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63498.exe
        6⤵
        
        PID:14292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
        6⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
        5⤵
        
        PID:10712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19712.exe
        5⤵
        
        PID:16404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        5⤵
        
        PID:17100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18933.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29386.exe
        5⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10505.exe
        7⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 740
        7⤵
        Program crash
        
        PID:13244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 636
        6⤵
        Program crash
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24336.exe
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        6⤵
        
        PID:14848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2364.exe
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
        6⤵
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        5⤵
        
        PID:14636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47181.exe
      4⤵
      PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9225.exe
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe
        6⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        6⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        6⤵
        
        PID:16912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
        6⤵
        
        PID:17296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
        6⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        5⤵
        
        PID:13340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
      4⤵
      PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        5⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2999.exe
        5⤵
        
        PID:15984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38017.exe
        5⤵
        
        PID:404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1161.exe
      4⤵
      PID:10612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
      4⤵
      PID:13880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
      4⤵
      PID:12544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        8⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        9⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        9⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
        9⤵
        
        PID:16956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28517.exe
        8⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        8⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
        8⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        8⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60888.exe
        7⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        7⤵
        
        PID:14756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10288.exe
        6⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36826.exe
        8⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
        8⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
        8⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        7⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30202.exe
        7⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30487.exe
        6⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17943.exe
        7⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        7⤵
        
        PID:14816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33047.exe
        6⤵
        
        PID:15320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47766.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        6⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
        7⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        8⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        9⤵
        
        PID:16964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        9⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        8⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34060.exe
        8⤵
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54529.exe
        8⤵
        
        PID:16908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
        7⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe
        7⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41457.exe
        7⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        7⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        7⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        7⤵
        
        PID:16996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
        7⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
        6⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39798.exe
        6⤵
        
        PID:12452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23639.exe
        5⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        7⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14510.exe
        8⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9760.exe
        8⤵
        
        PID:17348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        8⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        7⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        7⤵
        
        PID:16916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26289.exe
        7⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
        7⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        6⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16970.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
        6⤵
        
        PID:16836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
        6⤵
        
        PID:16852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
        5⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
        5⤵
        
        PID:16856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35440.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47066.exe
        6⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        7⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59898.exe
        8⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
        8⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        8⤵
        
        PID:14000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14000 -s 80
        9⤵
        Program crash
        
        PID:17256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
        8⤵
        
        PID:16944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41345.exe
        7⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
        7⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42133.exe
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47615.exe
        7⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        7⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        7⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        6⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
        6⤵
        
        PID:16144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61601.exe
        5⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        7⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21792.exe
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
        6⤵
        
        PID:15332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
        6⤵
        
        PID:13304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3207.exe
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe
        6⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20325.exe
        6⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        5⤵
        
        PID:11440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        5⤵
        
        PID:14440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
        5⤵
        
        PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29770.exe
        5⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
        7⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54474.exe
        8⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2661.exe
        8⤵
        
        PID:16732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
        7⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
        7⤵
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19856.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        6⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21863.exe
        6⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        6⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45553.exe
        6⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46081.exe
        6⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
        5⤵
        
        PID:16380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32193.exe
      4⤵
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13577.exe
        6⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32775.exe
        6⤵
        
        PID:14580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
        5⤵
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
        5⤵
        
        PID:13616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
      4⤵
      PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22618.exe
        5⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
        6⤵
        
        PID:15448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 716
        6⤵
        Program crash
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        5⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26007.exe
        5⤵
        
        PID:16912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
      4⤵
      PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
      4⤵
      PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
      4⤵
      PID:16928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3655.exe
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6057.exe
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47615.exe
        7⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        7⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
        7⤵
        
        PID:14216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        6⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34433.exe
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54474.exe
        6⤵
        
        PID:13396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16289.exe
        6⤵
        
        PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        5⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        5⤵
        
        PID:16652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
        5⤵
        
        PID:16176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24496.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        5⤵
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        8⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
        7⤵
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12448.exe
        7⤵
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        7⤵
        
        PID:16300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        6⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21930.exe
        7⤵
        
        PID:17160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        6⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
        6⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59533.exe
        5⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        6⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12256.exe
        6⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-529.exe
        6⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        5⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        5⤵
        
        PID:16612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        5⤵
        
        PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
      4⤵
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        5⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        6⤵
        
        PID:17344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
        5⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        5⤵
        
        PID:16868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
      4⤵
      PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
        5⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
        5⤵
        
        PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
      4⤵
      PID:11824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19712.exe
      4⤵
      PID:15100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14885.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
      4⤵
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
        5⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        6⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
        7⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3605.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
        7⤵
        
        PID:14964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        6⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        7⤵
        
        PID:16924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        6⤵
        
        PID:16640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        6⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3377.exe
        6⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        5⤵
        
        PID:11716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
      4⤵
      PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        5⤵
        
        PID:12216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
      4⤵
      PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
      4⤵
      PID:14824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
      4⤵
      PID:332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
      4⤵
      PID:748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9225.exe
        5⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        6⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        7⤵
        
        PID:17188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
        7⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        6⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        6⤵
        
        PID:16940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        5⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28775.exe
        5⤵
        
        PID:17200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        5⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        5⤵
        
        PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
      4⤵
      PID:10916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
      4⤵
      PID:3240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4304.exe
    3⤵
    PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
        5⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
        6⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        6⤵
        
        PID:16848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
        5⤵
        
        PID:17008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
        5⤵
        
        PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
      4⤵
      PID:8844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
      4⤵
      PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21109.exe
      4⤵
      PID:15860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
      4⤵
      PID:1828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11689.exe
    3⤵
    PID:6640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
      4⤵
      PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        5⤵
        
        PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
      4⤵
      PID:11696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
    3⤵
    PID:6748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
    3⤵
    PID:14672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54425.exe
    3⤵
    PID:4472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14140.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42250.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11897.exe
        7⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
        8⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        9⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        9⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
        8⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
        9⤵
        
        PID:13488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22705.exe
        9⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        8⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
        8⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16752.exe
        7⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34279.exe
        8⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        8⤵
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        7⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
        7⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        6⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26213.exe
        8⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        8⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        7⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43393.exe
        7⤵
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54216.exe
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        7⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        7⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1984.exe
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        6⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        6⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        6⤵
        
        PID:7392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8352.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63018.exe
        6⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
        7⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47615.exe
        8⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        8⤵
        
        PID:13896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14309.exe
        7⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        8⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18567.exe
        7⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22874.exe
        7⤵
        
        PID:16408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        6⤵
        
        PID:11604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
        6⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
        5⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        6⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        7⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        8⤵
        
        PID:16960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
        7⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28379.exe
        7⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        6⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        6⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22529.exe
        5⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
        6⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
        6⤵
        
        PID:17348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
        5⤵
        
        PID:11840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        5⤵
        
        PID:16600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50152.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24970.exe
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46506.exe
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13577.exe
        8⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe
        8⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        7⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        7⤵
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
        7⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51816.exe
        7⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        6⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        6⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
        5⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35600.exe
        6⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        6⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
        6⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        6⤵
        
        PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35409.exe
        5⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        6⤵
        
        PID:16996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
        5⤵
        
        PID:12508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16261.exe
        5⤵
        
        PID:17040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
        5⤵
        
        PID:15832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38145.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9785.exe
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35600.exe
        6⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-384.exe
        7⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        6⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        6⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        6⤵
        
        PID:16256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31168.exe
        5⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        5⤵
        
        PID:16928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
        5⤵
        
        PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
      4⤵
      PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        6⤵
        
        PID:9388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 604
        6⤵
        Program crash
        
        PID:13756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        5⤵
        
        PID:14192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46336.exe
      4⤵
      PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34032.exe
        5⤵
        
        PID:14060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14060 -s 464
        6⤵
        Program crash
        
        PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
        5⤵
        
        PID:17060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        5⤵
        
        PID:17112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
      4⤵
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
      4⤵
      PID:14836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
        5⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19018.exe
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28842.exe
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        7⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        7⤵
        
        PID:17128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
        6⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        6⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        6⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        6⤵
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6778.exe
        6⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        5⤵
        
        PID:9604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        5⤵
        
        PID:14748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
        5⤵
        
        PID:6492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
      4⤵
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59962.exe
        5⤵
        
        PID:212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        6⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
        7⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        6⤵
        
        PID:12896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        6⤵
        
        PID:15336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
        5⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        5⤵
        
        PID:17276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7481.exe
        5⤵
        
        PID:16248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
      4⤵
      PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        5⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe
        6⤵
        
        PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        5⤵
        
        PID:14032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
      4⤵
      PID:10536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5568.exe
      4⤵
      PID:14228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
      4⤵
      PID:412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        6⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
        7⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
        7⤵
        
        PID:16216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29600.exe
        6⤵
        
        PID:12916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        6⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        6⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
        5⤵
        
        PID:17192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe
        5⤵
        
        PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
        5⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51521.exe
        5⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
        5⤵
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
      4⤵
      PID:10736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18764.exe
      4⤵
      PID:14040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55857.exe
      4⤵
      PID:16936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
      4⤵
      PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53144.exe
        6⤵
        
        PID:15188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
        6⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        5⤵
        
        PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29543.exe
      4⤵
      PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39679.exe
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5904.exe
        5⤵
        
        PID:17200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35351.exe
      4⤵
      PID:13196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
    3⤵
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
      4⤵
      PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        5⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        5⤵
        
        PID:12680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        5⤵
        
        PID:17000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
      4⤵
      PID:10332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
      4⤵
      PID:15208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
      4⤵
      PID:3800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36533.exe
    3⤵
    PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
      4⤵
      PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
      4⤵
      PID:14952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
    3⤵
    PID:11452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
    3⤵
    PID:12124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36282.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        6⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        8⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        9⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
        9⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6679.exe
        9⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 664
        8⤵
        Program crash
        
        PID:10168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 664
        8⤵
        Program crash
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38205.exe
        7⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
        8⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35351.exe
        7⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        7⤵
        
        PID:12344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        7⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36837.exe
        6⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56234.exe
        7⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
        8⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        8⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
        8⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
        7⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        7⤵
        
        PID:17308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7481.exe
        7⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47032.exe
        6⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50602.exe
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
        7⤵
        
        PID:16956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20807.exe
        7⤵
        
        PID:17184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
        6⤵
        
        PID:12496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        6⤵
        
        PID:17112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
        6⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        5⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        6⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
        7⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22618.exe
        8⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 636
        8⤵
        Program crash
        
        PID:14252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 640
        7⤵
        Program crash
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57697.exe
        6⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        6⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        6⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe
        5⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31050.exe
        6⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        7⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34903.exe
        7⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        6⤵
        
        PID:11408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49224.exe
        6⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4085.exe
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2661.exe
        6⤵
        
        PID:17124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        6⤵
        
        PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41885.exe
        5⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19712.exe
        5⤵
        
        PID:14964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5836.exe
        5⤵
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56209.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12857.exe
        5⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        6⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
        7⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49919.exe
        8⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        6⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39466.exe
        7⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
        6⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
        6⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        6⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        6⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        6⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42253.exe
        5⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48625.exe
        5⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
        5⤵
        
        PID:15832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
      4⤵
      PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        5⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22618.exe
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        6⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        6⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55233.exe
        5⤵
        
        PID:10588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        5⤵
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        5⤵
        
        PID:16184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
      4⤵
      PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        5⤵
        
        PID:11516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
      4⤵
      PID:11872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
      4⤵
      PID:16548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:32
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        5⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53338.exe
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
        7⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        8⤵
        
        PID:15076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        7⤵
        
        PID:14016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49457.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33341.exe
        6⤵
        
        PID:13404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
        5⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        6⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        5⤵
        
        PID:16912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23376.exe
        5⤵
        
        PID:17080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
      4⤵
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        6⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39408.exe
        6⤵
        
        PID:15216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
        6⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        5⤵
        
        PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
        5⤵
        
        PID:13608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
      4⤵
      PID:7984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16128.exe
      4⤵
      PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
      4⤵
      PID:16564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38232.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
      4⤵
      PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
        5⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        6⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        6⤵
        
        PID:12704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        6⤵
        
        PID:16964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26289.exe
        6⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        5⤵
        
        PID:15020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38760.exe
        5⤵
        
        PID:17216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20400.exe
      4⤵
      PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56362.exe
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29541.exe
        5⤵
        
        PID:17032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40353.exe
      4⤵
      PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
      4⤵
      PID:17064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12608.exe
      4⤵
      PID:16676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65057.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65057.exe
    3⤵
    PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        5⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        6⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        6⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59837.exe
        6⤵
        
        PID:16496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49585.exe
        5⤵
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
        5⤵
        
        PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
      4⤵
      PID:10876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24241.exe
      4⤵
      PID:15852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
    3⤵
    PID:6440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
      4⤵
      PID:5388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17925.exe
    3⤵
    PID:9456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62986.exe
    3⤵
    PID:14656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
    3⤵
    PID:17260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33492.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33492.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2862.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        5⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe
        6⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36826.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe
        7⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        7⤵
        
        PID:220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        6⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        6⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        6⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
        6⤵
        
        PID:16988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        6⤵
        
        PID:16164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
        5⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9854.exe
        6⤵
        
        PID:17032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48625.exe
        5⤵
        
        PID:13944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        5⤵
        
        PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
      4⤵
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9225.exe
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
        6⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53706.exe
        7⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        7⤵
        
        PID:16584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        6⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        5⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        5⤵
        
        PID:13372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21493.exe
        5⤵
        
        PID:17296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
        5⤵
        
        PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-311.exe
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39408.exe
        5⤵
        
        PID:15224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30785.exe
        5⤵
        
        PID:816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
      4⤵
      PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
      4⤵
      PID:14924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39488.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
      4⤵
      PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47121.exe
        5⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
        6⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60861.exe
        6⤵
        
        PID:14316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        6⤵
        
        PID:16772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
        5⤵
        
        PID:9596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        5⤵
        
        PID:14732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29543.exe
      4⤵
      PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22705.exe
        5⤵
        
        PID:17204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
      4⤵
      PID:12368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
    3⤵
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56234.exe
      4⤵
      PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16970.exe
        5⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
        5⤵
        
        PID:15108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-933.exe
        5⤵
        
        PID:12792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
      4⤵
      PID:11896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
      4⤵
      PID:16888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
    3⤵
    PID:8268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
    3⤵
    PID:12852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
    3⤵
    PID:16572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
    3⤵
    PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        5⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29600.exe
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        5⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        5⤵
        
        PID:16284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
      4⤵
      PID:10884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
      4⤵
      PID:16976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24641.exe
    3⤵
    PID:8132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40234.exe
      4⤵
      PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
      4⤵
      PID:13840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
    3⤵
    PID:11912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25263.exe
    3⤵
    PID:17152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
    3⤵
    PID:16844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18896.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18896.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
    3⤵
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
      4⤵
      PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        5⤵
        
        PID:11060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
      4⤵
      PID:9404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
      4⤵
      PID:3156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
    3⤵
    PID:8068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
    3⤵
    PID:11864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
    3⤵
    PID:16956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7529.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7529.exe
  2⤵
  PID:4724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9225.exe
    3⤵
    PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
      4⤵
      PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
        5⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        5⤵
        
        PID:16980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21221.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21221.exe
    3⤵
    PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28650.exe
      4⤵
      PID:17400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34316.exe
    3⤵
    PID:14196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
    3⤵
    PID:16884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
    3⤵
    PID:2260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6687.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6687.exe
  2⤵
  PID:6688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
    3⤵
    PID:8836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
    3⤵
    PID:8308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
  2⤵
  PID:8320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
  2⤵
  PID:3488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
  2⤵
  PID:17320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4216 -ip 4216
1⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1956 -ip 1956
1⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4216 -ip 4216
1⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5988 -ip 5988
1⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5980 -ip 5980
1⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5996 -ip 5996
1⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5972 -ip 5972
1⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5388 -ip 5388
1⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5972 -ip 5972
1⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5996 -ip 5996
1⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5448 -ip 5448
1⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 5988 -ip 5988
1⤵
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6936 -ip 6936
1⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 7244 -ip 7244
1⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7236 -ip 7236
1⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6936 -ip 6936
1⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 7236 -ip 7236
1⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5980 -ip 5980
1⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6924 -ip 6924
1⤵
PID:16336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 7144 -ip 7144
1⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 7228 -ip 7228
1⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6924 -ip 6924
1⤵
PID:14284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 7228 -ip 7228
1⤵
PID:16380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 13616 -ip 13616
1⤵
PID:17140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4732 -ip 4732
1⤵
PID:17152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 14060 -ip 14060
1⤵
PID:17132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 13348 -ip 13348
1⤵
PID:17164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 13840 -ip 13840
1⤵
PID:17288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 15188 -ip 15188
1⤵
PID:17196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 14628 -ip 14628
1⤵
PID:17320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 7144 -ip 7144
1⤵
PID:16908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 7232 -ip 7232
1⤵
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 15460 -ip 15460
1⤵
PID:14632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe

Filesize
468KB

MD5
15aad2eff50cad222fa8dc24279ac208

SHA1
716a433b0f859f1388474f466d5c4b11ba8b7df4

SHA256
c7eb60771c8e803c0e4929f40e873733bec3a75a76c19819d100331d869a0baa

SHA512
28fc7a9fd809e7434ab54d98215c8fc0107212b770d1e5ecf0c1c32de97065ebf598e63d196a275b31f115124b0114437e25ceb013b9d2b5c928e3d6bbed1672

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14140.exe

Filesize
468KB

MD5
43287b0ea30af02ad7e941a7917a640b

SHA1
714914ce9a4a532c1b1f5c85b379e74c462b4fb0

SHA256
0e9f6cab74d74f7175b2f7504d6af0e68b78be36f2d59313bf0cc7f898e59dde

SHA512
8b12686e01c41f9e86083f5df49773607868ce2f6b084667abbe3d344b0a7d719ced0b047ce483a88f1e7ca0a93b5e0e32f3f47f7d904ed1556d9a91a55f5af3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe

Filesize
468KB

MD5
bf569e6726ba5fb310dd236080d748ee

SHA1
6fc3e97a77f0ba93a6f93374aa47734abb3df48c

SHA256
0f11d8b038c8a0f63c515928863e6ef54b72293eed344e2bc24cbb8299613279

SHA512
1ac2ba470fe32c983f84a95ddf4f21a761791774d80ba559be9dc6799b2b80ec54047e0e3fea36edb2b4a9481b2c41f6a025269bec201184b8d78bbca46005b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe

Filesize
468KB

MD5
716fe6eda7610e1527eed5feb536ab13

SHA1
0e314c4a8f55ba885fdded683c7c0f7c59e5cd6e

SHA256
7e11aca58e1d4e206377ee10174ff30387a104f0e89e2416fb7ed5256d4a30e2

SHA512
24d8ab3a1f9b96f54b964a9a4af6ce2dc7e89001100bc094689f8636a26b79625012beb6b032e330dccf50b14f2b65a935b4799324f2099196cd77be94aabd5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe

Filesize
468KB

MD5
1310ffdf6ff50bd4e03c61b9f5916d73

SHA1
a70ce637bef0bc406a742039745ef74da2dca1c5

SHA256
2d5ce4d48138f8607f90165e7d15940fb48239de4f9ff6a7688988102be60733

SHA512
419cd842030766920d1b84909445dfbff634baeb728cd578e1019b00e3abc079d0209348444a774849099aefa92f0fbfd2d2f52e9edbbccf050119bce2afa168

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14885.exe

Filesize
468KB

MD5
8acbd0c4acdb0e6c65947a4f302ed470

SHA1
ff52b62457bb1af43a4ab10ad56fa46f6ff94245

SHA256
d160f76f786c248c0cfc75e39f14f84e200a8829a832ada1e9462b22edb0294d

SHA512
5f5ee6fee363bdd6e2989dc332015a4d508ab229a72a840533dbf44809f03d0ff20d4f6d7304b04d9a40cc23551222b3340cdd26f4cedd80930743b73e8d81f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe

Filesize
468KB

MD5
c77255d35149325a577783d90ceff9b2

SHA1
80f6c31e33a5fe7d0d2a761609aaf15b23b00b7b

SHA256
9d00c3d951099ae31523a8b2fe5eba4532ccfd3372f49310bc433c8846cb5119

SHA512
88be7aaaea8f34814c0489f5874362614200a5469710e159493dd78a4fac16cc0a19a85ff21fa36d5bfca933c9bf176e6858066c79ea59016d82337449cc9f86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe

Filesize
468KB

MD5
ef4313f8103ea8f44ff934f6d34fa566

SHA1
1c266af4b2aba8d05d8917d299d08cc5dc793cbb

SHA256
3dac67db02cc2bb1d2b1d492319c932240c95729f3f1f2ed622eb55f0a754550

SHA512
efc32bb3283e63677069fea69a7efe0123900e5749e89ce1342a1a7b2fca929fc1eb2e742a43f4fbf4f822b508eb2493b583cd873cc1617c6bd936fdde89f4f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe

Filesize
468KB

MD5
ca16089ee393fb513767a5d682cfdfcd

SHA1
395a7e1721bb3e515014a4e9e3f43d67d8c5d6fb

SHA256
57d3293a1a7b8ab0e3960da07670b1d2c3f522207a08ee524ed09cfcbcf20367

SHA512
5c30117693d92954e3f605ff2f04e74739f1b0660a9b4d074713917d4a562ba4557c831901d9ec7d09507e4f837ddc9bd533bdbb1d73b1c84c1e17161a82de98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exe

Filesize
468KB

MD5
2bb98dd9e9f83d528084c109f156b7c4

SHA1
158fa5fb54ce0edbf044895dd2e8bb4c35ee859e

SHA256
01c59439db7ab42ffceedb0ca247e163386e95bd000278f4bca82e65e4f9023d

SHA512
594682610b17bda92c3eae56ee4be4a02485ccce2f210a952ac3145f17a8379916f10f34c7e90d46b9984953edd207f5716570cade75cabbfd65641beb170da8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe

Filesize
468KB

MD5
5b297c3c592026fb048a79c810e4f765

SHA1
3491f33f8be15e922ebbaa365e289d762ee06534

SHA256
1fbeb5a69d3d9ac9d0d666153c88405d6a60eeceb67a71eeb6f7085e9a2c5a2b

SHA512
680e70663425e0f41a6fd2e865de44a5922c28cc03aace6793f3665832960c238757d95b304511418de6a3c5a7288ad92c8bb87768265a24f74fd9dc0bbefab7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe

Filesize
468KB

MD5
8392cee9b3d333bfbfc5a1e5a697d2e1

SHA1
c0f81130ce964b36c785d2fef98fd1fa719a3401

SHA256
4b342de15992949d175b93c73316abbf1cce1c277c00560aa1a42a4730803a81

SHA512
61c9a90587d974e5b46f27400b5bfa109443534aba5515c014b91f7d691b20270d93b79d3245e24480d83a2492810409ac89d66615ffc51050dd80e547787acc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe

Filesize
468KB

MD5
18cf55ef3bad1aca7c55a52095bfc4d0

SHA1
c215e7cb934e7bd6f541cbaf6057d2e6eac434fe

SHA256
22ec46428b840b191a3e03b88259069b5bdf52451582103d9ec3148d01e24c65

SHA512
fe4b1669f645f7c9f7c58c41fdf6256302d43ddd39704f95b99fd5d269c8ba63ce454b914540777f04cdd26bf087b10963524ff2f1029b0f31e87e6d98b794bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe

Filesize
468KB

MD5
aa6abefd18969aa58a2ef969fe6b0ef7

SHA1
97c924d9c12f5882ffa8a8b8b5b1fb45416a760c

SHA256
0095db71792341f835b1fea778f4915b43deda2c2b48d4c6cca0d8aa0f80977a

SHA512
69b93c001a4c18eab175afc7f59bcea1ba159d9ffa002c8f2f0a8fb04a98506e6d6c01874044921476bd2ef1fafd606fb467f48794f01dcc376d2250d3215d1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe

Filesize
468KB

MD5
a15000ce18c9f5472bb484ecb7e319da

SHA1
d0f85fda876dd265f3cc2dee9cff731bcd06ec3c

SHA256
e801069dd4313c03fb7622b7233a927c537a240241167dd9adbffc352614de36

SHA512
3f5ca3dab7d3662c38f3ea3b72ecdd54162ce0aff9923573ec7555f5a1449e34b9dedeb325629af7cc219a91f8dc008a8158088dd3c781f79274963e66f3af44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe

Filesize
468KB

MD5
645af0f7234b364c666eb27c15721c95

SHA1
6695876f5ec4f1501274e1fbd64f62634885060b

SHA256
36aef3ccd66722727c1066d15fcd451bced27a2a318e5a9f0ccbbbc3396e65bf

SHA512
993f59cdfe9383b27c95e59d25f0933df25a6098df9afdd923f95f4802f95a00f896c8ce15b61c880d158a42f7a2bc79c03ef0b57b4b477202b9852d7647fcd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe

Filesize
468KB

MD5
2b4febd7bf862c9770e4633a3ffe7aec

SHA1
0d364ca3bdbaa756bf01775713b359a191e03f3e

SHA256
ee7ba97ef09e964436ab8ef1c0adf02224ccbfb1c3b3f6c8773d7ece3da51656

SHA512
c2259f50cac0d7e1720ff1e48972d2ee8dc4ca9671c28988a804b0a30c2283ae05e324afd56e867f4d0e466991ab85e5ff49489a20c98faf856d1d2e3b9f8595

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe

Filesize
468KB

MD5
ed9a806b23feff770a7cc3f049645e90

SHA1
d2fb8aea085befcf749d7fc31539cde4b8f4dc96

SHA256
5d6e607e5de087c83f88859a95847da07ffbdaea20163099a8da338e28e8db6b

SHA512
327f80edfcebc6294c4d1db1b0476876d72037e9be300e2091306b331897a1c149ded190f74cf539f22c973d874e1c2998ba13864d7ec8bfd3e9d077130d0a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33492.exe

Filesize
468KB

MD5
2b50fce93f0912609caf2570cb2f27bb

SHA1
d58b200880b3ae7b9eb002b290263c313bccbb44

SHA256
40623287b73e67320eae4ce393a1488b81337b5cdad79a0091fe64bdbc292307

SHA512
6fa85e53ca2751c814222d834033e68aa47e03ae99374db19ce562ba1e76b1e7560c5a1b1b254f30c614ab776640098a25132c47dd83f62b637139f53ee95b44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe

Filesize
468KB

MD5
5b6f239d064359564d4e2ecc80d673a7

SHA1
8916e1dd5fc0ae381005a8d94e1202362ed5da8f

SHA256
fd6cff932861c2ad78c4896bdde777d45237bc50687c954ac29a0a887dbca773

SHA512
e347fd4ce0a9d933a0f39f12af60acebf4150542ea38dd7e5e392f1554e3f33dfe5ae99040e376deec3407801f0d1b8bc7d53195e1b3b4872df4468a891cf668

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35440.exe

Filesize
468KB

MD5
69749da15a39ddff0f7f856560154037

SHA1
70006693c65c58302eee9c15aa1397d90eb393b9

SHA256
8c59cceeeb7cea34d3275793a9bd1e0e4bf2878fd04602b90cb5d9b61ecb0d61

SHA512
ab8445943dc97816a8dcc5af0ac9181c786a0e7436f95580827a0194b9199027cd3992971d5cc7caf990377e9d2525236e673a927bb7a57e6e11b4828a0f44fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36282.exe

Filesize
468KB

MD5
dfc62699e3967a2362695c0192ff9f07

SHA1
bdc9a5877bc6c2a63072161c8f2b98ff6471c878

SHA256
0ad1f1e135c17d98d6883cfce222d7350ec19b0fc53de3c5a179f47c6d5d8f88

SHA512
c3c5212853b1d44278d31825abb14fcd60d3018c274f9dca991f03fcb7383c18f45e4baee5a51d80820a72fa16d6200af96cbb165eb9f13c3af69253100170e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36416.exe

Filesize
468KB

MD5
c764d32bd1d69fee8b6826e2a4b3424d

SHA1
a2679e6444dea9ac42e809e2826b7e6886955895

SHA256
36a90d9346fb2a628ecbb6a91f4628847d108401f075b8bbfa811f683b5e58f2

SHA512
6299e823efb3dd9b1f49b259012fe17a0b7af8d11c6668e6e4f6d3ddb2911c3e0d872b582bdc933026eafbc95088a734043209dea7e663071edf6c557420d7b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42473.exe

Filesize
468KB

MD5
1e44bce9132612313a90d9cea78c5d46

SHA1
8a8b09e82c01d606383c8b2fc0c46c14a1d69dbc

SHA256
b29c4aad7fcb7f11b695b33f4fa1bc9dd6f05589b810302f4dff4ade9aff3f4e

SHA512
2ebe54bfca9a1f6bbff5fbf9a52700727043b4bdedf5709e6e53629353690576c1ad88560151748de706a38d3f6bf8934b80950502910e1e94f11ea92726b0e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe

Filesize
468KB

MD5
c3efc024b8b8d8e175cfc8f909c7ca2c

SHA1
f4d250acb557c8700a9d0bf71a3a9ae360a47f2d

SHA256
f3b2b396f58af0effab9928a85d6b7c4924469b8b6bc746481e36cd0442f4cbe

SHA512
c8281f6fd9db36cbad1cf8fa87f700f5341a9f88d87b5e85942b18306239af49a47b92027b9bda1be2844ee81f89607d18ac2aed9986c36cd0a8ee166e89fc2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe

Filesize
468KB

MD5
1fade18da3c4bc9be23dfeaab0e1cc1c

SHA1
1b4fe59b471e8705371074fc08cfb93d20bc7c93

SHA256
34f333408b1297397225a5ed4142c209907f41e2c8ee6f6d14e96e585858b58a

SHA512
3c79f7a6b23d5c65ae7891813d2f16246505a6e560599827ce6c30eb4f9397a40620c4dc1306f7767a58d755d765340c8b32c3e718029559e2dac1b7e051a69f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe

Filesize
468KB

MD5
bd0003421bf9b2eb30f4f583f36b1a60

SHA1
50c538406feeb049109c9db3b076de5302420d51

SHA256
faf0f08a90d836a1fb760f9caab4c126672ac3d0f312afd1c6400e6c38ab2f55

SHA512
890931610788aa9f3110da92e92baa925b5f1ed0554f117e887256cd120983d5cb6e6e9d1bd88ab6f8758eef23c0e19bd39413ff0f99840e0741ee4e20b3ff71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47581.exe

Filesize
468KB

MD5
c074e04eab283d9d4e08b7271fbe8ff4

SHA1
0d91283c43aecb49c9c87e9badf382730a58736e

SHA256
354b7195c5184ab2e784b53883232885cabab7a7876c6b9286715bc4106f4687

SHA512
a31673610cf6ed8204931e9f2584bd5f227c2bf84be1705cc2b1e4f598ae41a3cd92daf7a6c3be14c146f84b9b8164c8eaafdfedffdcd5a670db49454cd292fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe

Filesize
468KB

MD5
beb4a77ae2dc37b340a53494208fe760

SHA1
2f78cc5a892427733cd335b390d64faf4f25ad65

SHA256
d4546ed3479630d63e84eb42cdb7f740ba4b7516bf054fa04f0eaed3573cebd3

SHA512
1874b57861f6c32fcfd682be5dda0ea49407234373bbad80353fd0c4e47699fd11fb94c186b14edf9c71fbddd47544884b37f6295482a59c81a8a86b3c71d88a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50152.exe

Filesize
468KB

MD5
5a6476ecf16f173074d1a9d3df6ab429

SHA1
eeb5259b4585808cb3e68dcfc807e1d755568918

SHA256
4b88b3ad88d16709ea33421ecd4d8f897664f0bd0468082bfa5590c52df8435a

SHA512
fc50529165701dff385de7272f366d5e66543571642bf70b80b8194cd8f20693d8787f47407896ef9ddaa192aba2d8e84db61b9c069be09c46136fa90a580ce6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe

Filesize
468KB

MD5
caf470b8dab152bbbb8639c743f66f70

SHA1
73fef94f2ce3a651e7ebeafd9a5772e88adeb188

SHA256
4b22d850e4d3d43fff38bc2f0ec0feec67182eb4a56d7d4c96c9eb1f3ee363f5

SHA512
c9bda7447338e779aab60f98031b01d8a2370bf934226e6c33d7a95885a6aeea83c2428782e33cb024da983a3b6e62db3e81e552c7737ed41317ecb719ccb449

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe

Filesize
468KB

MD5
24453b2238747be67d4d5a0e1117c740

SHA1
0ccda7eb8966f21fc3e5da44f3e2b355ac0a9d6a

SHA256
b896750aa69f24b3ed3ff08f2902cfaf2e7b26d35a521aa656964ab1cd898457

SHA512
19c69ce63ee3249a8fc77219d47d6ee02d163fe43d28d1e7fc614a4fcd934adae2e3d0a2808a42e165249a91a017f8644553d087850f78155de08a851ae25e73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56282.exe

Filesize
468KB

MD5
34acb5cf3f6a26cc92f4aa272750f3d4

SHA1
936ab5b6f6a2037524a0f5613995e03a5508f37e

SHA256
ba6b3aea8f92a06049ce417fdb53de9e833ddcb03067d6c24ae583df7d9fbb9a

SHA512
ec4a22f2921f7299969539bb0d127bde9e67f96e464e6dc59b9964dad3b37cf342b171f2a3e1c2b567c9d793fa258621241f4a3cf9f2116096b9b2bbbce84147

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe

Filesize
468KB

MD5
047d5d617a51f1f455778015e79b38af

SHA1
c9f1335ea05d6b13b2b2e16f3da54b19555fa2cf

SHA256
aedcc3eb3a835a0b8c08969888cc0350d913c00f3db5fda6f8d2e1a37d232a8f

SHA512
8b007299465cd9752d88ad006624f52e1498d599b5f90efc27f90f609912cc5a08c93de3761bc873061edcc45e324606df0f364169bbd970922476d57b5572c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe

Filesize
468KB

MD5
3262d1f9b6323cf851272dec8b5d1001

SHA1
23d7eba4f40ab602e239064f9912beaa69b5cfb0

SHA256
ac7edddf706035c6a7a00798bf087a84fde6c574545bf92228ee4a8371bdc432

SHA512
55731f9af3e4dc8a946281131d321c62af8e69acfd53c07903324d79721effa22e66a82165e040f34ab6b55f523801760abdb043319aba2ddb27c189be7efb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe

Filesize
468KB

MD5
caa0d771a655e9119709ac8ca12c8d4e

SHA1
4abbfa6c0726d26100ba864f92691f8fd4be52cf

SHA256
1f63efb4302edce49d871e00718130e4a7f44a36d06d7c55808b6fac0f2b1c23

SHA512
b38bbde1a6aabd4dc24b9774a1f3df5243c1cf060d8586b87041dd2a691596496b7ca3f8e1f53dd4efb58567cae8aa235eed9f92074a20460f0a45e8af800e9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9774.exe

Filesize
468KB

MD5
1be5d71e8189709589cd00361c92846d

SHA1
f10b207706e2c3fb65ec42825ce73d433f119482

SHA256
dadb269f96b582de90e4d8a11f5821fe50c4cfc7bf570fc4004e77f95078962f

SHA512
a4d1afe004993962cdb201a771dd22e61d04689040b84ed34a2af587618f7085621f5daba671b4e6f37cceb13b7e2cc841fbf5327408fb356c588afb7b34c591

Download Submit
memory/780-3041-0x0000000075810000-0x0000000075884000-memory.dmp

Filesize
464KB

Download
memory/5072-2941-0x0000000075810000-0x0000000075884000-memory.dmp

Filesize
464KB

Download
memory/16912-2590-0x00007FF864690000-0x00007FF864885000-memory.dmp

Filesize
2.0MB

Download
memory/16960-2726-0x00007FF863C00000-0x00007FF863C59000-memory.dmp

Filesize
356KB

Download
memory/17060-2700-0x00007FF864690000-0x00007FF864885000-memory.dmp

Filesize
2.0MB

Download
memory/17332-2655-0x00007FF863C00000-0x00007FF863C59000-memory.dmp

Filesize
356KB

Download
memory/17344-2552-0x00007FF864690000-0x00007FF864885000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads