7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f

Analysis

max time kernel
148s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 23:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f.exe
Size

184KB
MD5

287e133e4fc0460bf1bc2277a93ab047
SHA1

85fe9f6d3b464c87e57d968a94f54441017ef6b4
SHA256

7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f
SHA512

9b823cd7fc5397bbc0529a105a44c0c1e554402fe7e0515bff4b8c311b31ff6098165e0889bf01b1e954f873f8e3f0721a83ac9d02d7d1f21e9d2e267ebb5a79
SSDEEP

3072:1qdo2moNpo0PwdWTTCPCz0sKX/vnqnviuF:1qqovsWTnzxKX/Pqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1420	Unicorn-41812.exe
4552	Unicorn-28382.exe
1520	Unicorn-20768.exe
2280	Unicorn-10182.exe
4616	Unicorn-42532.exe
4664	Unicorn-9113.exe
3412	Unicorn-64436.exe
740	Unicorn-26265.exe
4872	Unicorn-62699.exe
532	Unicorn-64090.exe
680	Unicorn-64090.exe
964	Unicorn-61630.exe
4008	Unicorn-9828.exe
4392	Unicorn-15959.exe
3424	Unicorn-33099.exe
3076	Unicorn-32186.exe
1924	Unicorn-11443.exe
5060	Unicorn-51236.exe
4580	Unicorn-5142.exe
1468	Unicorn-6119.exe
1196	Unicorn-16980.exe
3096	Unicorn-31885.exe
4968	Unicorn-49290.exe
3600	Unicorn-18564.exe
3308	Unicorn-12433.exe
4056	Unicorn-28355.exe
660	Unicorn-47956.exe
2916	Unicorn-56696.exe
4940	Unicorn-5818.exe
4112	Unicorn-47406.exe
1884	Unicorn-39560.exe
5100	Unicorn-29345.exe
4372	Unicorn-65387.exe
3220	Unicorn-43243.exe
452	Unicorn-34791.exe
3980	Unicorn-35345.exe
4524	Unicorn-20100.exe
4484	Unicorn-49757.exe
1296	Unicorn-25807.exe
2004	Unicorn-40255.exe
4608	Unicorn-364.exe
3164	Unicorn-36798.exe
1988	Unicorn-52580.exe
4852	Unicorn-12616.exe
4860	Unicorn-64070.exe
1744	Unicorn-53135.exe
4144	Unicorn-51511.exe
2680	Unicorn-50634.exe
3672	Unicorn-44504.exe
5116	Unicorn-2502.exe
4408	Unicorn-45216.exe
3740	Unicorn-39351.exe
1732	Unicorn-59979.exe
2160	Unicorn-19908.exe
1768	Unicorn-42.exe
4272	Unicorn-8423.exe
1912	Unicorn-19284.exe
3720	Unicorn-7546.exe
1068	Unicorn-14737.exe
2552	Unicorn-61800.exe
3224	Unicorn-1132.exe
3252	Unicorn-20161.exe
5068	Unicorn-57432.exe
4640	Unicorn-22357.exe

Program crash 24 IoCs

pid	pid_target	Process	procid_target
5588	5132	WerFault.exe	173
6416	5908	WerFault.exe	198
6604	5900	WerFault.exe	197
8156	5908	WerFault.exe	198
372	5900	WerFault.exe	197
11172	5516	WerFault.exe	212
5264	16488	WerFault.exe	831
5044	17292	WerFault.exe	874
5792	5820	WerFault.exe	991
5636	17060	WerFault.exe	847
4080	17084	WerFault.exe	850
5180	17300	WerFault.exe	875
16536	17476	WerFault.exe	885
16452	17484	WerFault.exe	886
712	17524	WerFault.exe	887
17168	17472	WerFault.exe	908
6200	18200	WerFault.exe	903
4436	17608	Process not Found	1082
18488	5240	Process not Found	1112
14636	17816	Process not Found	1157
1020	6140	Process not Found	1118
18920	7960	Process not Found	1106
11960	19252	Process not Found	1212
12108	13168	Process not Found	639

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	18508	Process not Found
Token: SeChangeNotifyPrivilege	18508	Process not Found
Token: 33	18508	Process not Found
Token: SeIncBasePriorityPrivilege	18508	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4452	7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f.exe
1420	Unicorn-41812.exe
4552	Unicorn-28382.exe
1520	Unicorn-20768.exe
2280	Unicorn-10182.exe
4616	Unicorn-42532.exe
4664	Unicorn-9113.exe
3412	Unicorn-64436.exe
740	Unicorn-26265.exe
4872	Unicorn-62699.exe
680	Unicorn-64090.exe
964	Unicorn-61630.exe
4392	Unicorn-15959.exe
4008	Unicorn-9828.exe
532	Unicorn-64090.exe
3424	Unicorn-33099.exe
3076	Unicorn-32186.exe
1924	Unicorn-11443.exe
5060	Unicorn-51236.exe
1468	Unicorn-6119.exe
4580	Unicorn-5142.exe
3096	Unicorn-31885.exe
1196	Unicorn-16980.exe
660	Unicorn-47956.exe
3600	Unicorn-18564.exe
4968	Unicorn-49290.exe
2916	Unicorn-56696.exe
3308	Unicorn-12433.exe
4056	Unicorn-28355.exe
4940	Unicorn-5818.exe
4112	Unicorn-47406.exe
1884	Unicorn-39560.exe
5100	Unicorn-29345.exe
4372	Unicorn-65387.exe
3220	Unicorn-43243.exe
452	Unicorn-34791.exe
4524	Unicorn-20100.exe
4484	Unicorn-49757.exe
1296	Unicorn-25807.exe
2004	Unicorn-40255.exe
4608	Unicorn-364.exe
3164	Unicorn-36798.exe
1988	Unicorn-52580.exe
1744	Unicorn-53135.exe
4860	Unicorn-64070.exe
4852	Unicorn-12616.exe
3740	Unicorn-39351.exe
5116	Unicorn-2502.exe
2680	Unicorn-50634.exe
4144	Unicorn-51511.exe
3672	Unicorn-44504.exe
2160	Unicorn-19908.exe
1732	Unicorn-59979.exe
4408	Unicorn-45216.exe
1768	Unicorn-42.exe
4272	Unicorn-8423.exe
3720	Unicorn-7546.exe
1912	Unicorn-19284.exe
1068	Unicorn-14737.exe
2552	Unicorn-61800.exe
5068	Unicorn-57432.exe
4640	Unicorn-22357.exe
4784	Unicorn-2101.exe
3252	Unicorn-20161.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4452 wrote to memory of 1420	4452	7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f.exe	89
PID 4452 wrote to memory of 1420	4452	7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f.exe	89
PID 4452 wrote to memory of 1420	4452	7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f.exe	89
PID 1420 wrote to memory of 4552	1420	Unicorn-41812.exe	92
PID 1420 wrote to memory of 4552	1420	Unicorn-41812.exe	92
PID 1420 wrote to memory of 4552	1420	Unicorn-41812.exe	92
PID 4452 wrote to memory of 1520	4452	7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f.exe	93
PID 4452 wrote to memory of 1520	4452	7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f.exe	93
PID 4452 wrote to memory of 1520	4452	7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f.exe	93
PID 4552 wrote to memory of 2280	4552	Unicorn-28382.exe	96
PID 4552 wrote to memory of 2280	4552	Unicorn-28382.exe	96
PID 4552 wrote to memory of 2280	4552	Unicorn-28382.exe	96
PID 1420 wrote to memory of 4616	1420	Unicorn-41812.exe	97
PID 1420 wrote to memory of 4616	1420	Unicorn-41812.exe	97
PID 1420 wrote to memory of 4616	1420	Unicorn-41812.exe	97
PID 1520 wrote to memory of 4664	1520	Unicorn-20768.exe	98
PID 1520 wrote to memory of 4664	1520	Unicorn-20768.exe	98
PID 1520 wrote to memory of 4664	1520	Unicorn-20768.exe	98
PID 4452 wrote to memory of 3412	4452	7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f.exe	99
PID 4452 wrote to memory of 3412	4452	7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f.exe	99
PID 4452 wrote to memory of 3412	4452	7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f.exe	99
PID 2280 wrote to memory of 740	2280	Unicorn-10182.exe	101
PID 2280 wrote to memory of 740	2280	Unicorn-10182.exe	101
PID 2280 wrote to memory of 740	2280	Unicorn-10182.exe	101
PID 4552 wrote to memory of 4872	4552	Unicorn-28382.exe	102
PID 4552 wrote to memory of 4872	4552	Unicorn-28382.exe	102
PID 4552 wrote to memory of 4872	4552	Unicorn-28382.exe	102
PID 4664 wrote to memory of 532	4664	Unicorn-9113.exe	104
PID 4664 wrote to memory of 532	4664	Unicorn-9113.exe	104
PID 4664 wrote to memory of 532	4664	Unicorn-9113.exe	104
PID 4616 wrote to memory of 680	4616	Unicorn-42532.exe	103
PID 4616 wrote to memory of 680	4616	Unicorn-42532.exe	103
PID 4616 wrote to memory of 680	4616	Unicorn-42532.exe	103
PID 1520 wrote to memory of 964	1520	Unicorn-20768.exe	105
PID 1520 wrote to memory of 964	1520	Unicorn-20768.exe	105
PID 1520 wrote to memory of 964	1520	Unicorn-20768.exe	105
PID 3412 wrote to memory of 4392	3412	Unicorn-64436.exe	107
PID 3412 wrote to memory of 4392	3412	Unicorn-64436.exe	107
PID 3412 wrote to memory of 4392	3412	Unicorn-64436.exe	107
PID 1420 wrote to memory of 4008	1420	Unicorn-41812.exe	106
PID 1420 wrote to memory of 4008	1420	Unicorn-41812.exe	106
PID 1420 wrote to memory of 4008	1420	Unicorn-41812.exe	106
PID 4452 wrote to memory of 3424	4452	7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f.exe	108
PID 4452 wrote to memory of 3424	4452	7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f.exe	108
PID 4452 wrote to memory of 3424	4452	7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f.exe	108
PID 740 wrote to memory of 3076	740	Unicorn-26265.exe	109
PID 740 wrote to memory of 3076	740	Unicorn-26265.exe	109
PID 740 wrote to memory of 3076	740	Unicorn-26265.exe	109
PID 2280 wrote to memory of 1924	2280	Unicorn-10182.exe	110
PID 2280 wrote to memory of 1924	2280	Unicorn-10182.exe	110
PID 2280 wrote to memory of 1924	2280	Unicorn-10182.exe	110
PID 4872 wrote to memory of 5060	4872	Unicorn-62699.exe	111
PID 4872 wrote to memory of 5060	4872	Unicorn-62699.exe	111
PID 4872 wrote to memory of 5060	4872	Unicorn-62699.exe	111
PID 4552 wrote to memory of 4580	4552	Unicorn-28382.exe	112
PID 4552 wrote to memory of 4580	4552	Unicorn-28382.exe	112
PID 4552 wrote to memory of 4580	4552	Unicorn-28382.exe	112
PID 680 wrote to memory of 1468	680	Unicorn-64090.exe	113
PID 680 wrote to memory of 1468	680	Unicorn-64090.exe	113
PID 680 wrote to memory of 1468	680	Unicorn-64090.exe	113
PID 4616 wrote to memory of 1196	4616	Unicorn-42532.exe	114
PID 4616 wrote to memory of 1196	4616	Unicorn-42532.exe	114
PID 4616 wrote to memory of 1196	4616	Unicorn-42532.exe	114
PID 4392 wrote to memory of 3096	4392	Unicorn-15959.exe	115

C:\Users\Admin\AppData\Local\Temp\7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f.exe
"C:\Users\Admin\AppData\Local\Temp\7033153b7f68813162b3c035e4057089e3da35574eda65284d9e7951fe14610f.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28382.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10182.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26265.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32186.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        9⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
        10⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58597.exe
        10⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
        10⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
        10⤵
        
        PID:18200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18200 -s 436
        11⤵
        Program crash
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63140.exe
        10⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe
        9⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        10⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
        10⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        10⤵
        
        PID:17484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17484 -s 436
        11⤵
        Program crash
        
        PID:16452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        10⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
        9⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30606.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        9⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6970.exe
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        9⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        9⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
        9⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        9⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        8⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        8⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55189.exe
        8⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
        8⤵
        
        PID:16612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41292.exe
        8⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56750.exe
        9⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
        9⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
        9⤵
        
        PID:16464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
        8⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5220.exe
        8⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62084.exe
        8⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6699.exe
        7⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 632
        8⤵
        Program crash
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38199.exe
        7⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
        7⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64904.exe
        7⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
        7⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
        7⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40494.exe
        8⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44853.exe
        9⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        9⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
        9⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
        9⤵
        
        PID:18176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        8⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
        9⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        9⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        9⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        9⤵
        
        PID:16624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
        8⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        8⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        8⤵
        
        PID:17132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        8⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1277.exe
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32840.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        8⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41378.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
        8⤵
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        7⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
        8⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        8⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        8⤵
        
        PID:17272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
        8⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        7⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
        7⤵
        
        PID:13388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
        7⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10649.exe
        7⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
        7⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50686.exe
        8⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38010.exe
        8⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33157.exe
        8⤵
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        8⤵
        
        PID:18296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22250.exe
        7⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10757.exe
        7⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        7⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13633.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
        7⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        7⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31883.exe
        7⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        6⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        6⤵
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        6⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11443.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39560.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1132.exe
        7⤵
        Executes dropped EXE
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37649.exe
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        9⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        9⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
        9⤵
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        9⤵
        
        PID:17616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        9⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        8⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        8⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
        8⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        8⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38085.exe
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        8⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27040.exe
        8⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-698.exe
        8⤵
        
        PID:17640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        8⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21674.exe
        7⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64535.exe
        7⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62084.exe
        7⤵
        
        PID:16496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20161.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
        7⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44664.exe
        8⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45214.exe
        8⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        8⤵
        
        PID:18192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        8⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24470.exe
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe
        7⤵
        
        PID:16336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        7⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
        7⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        7⤵
        
        PID:16592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19009.exe
        6⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        6⤵
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
        6⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
        6⤵
        
        PID:17832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
        6⤵
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29345.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58439.exe
        7⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        8⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41601.exe
        8⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        8⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        8⤵
        
        PID:18336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        8⤵
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33707.exe
        7⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        7⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59570.exe
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        7⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        7⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        7⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13144.exe
        6⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58379.exe
        6⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
        6⤵
        
        PID:15776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        6⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22357.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26404.exe
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        7⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        7⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
        7⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        7⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        6⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        6⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43671.exe
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33786.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5306.exe
        6⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        6⤵
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-778.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
        6⤵
        
        PID:17344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
        5⤵
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
        5⤵
        
        PID:11816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        5⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
        5⤵
        
        PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34791.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1708.exe
        7⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36457.exe
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
        9⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5306.exe
        9⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        9⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-778.exe
        9⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
        8⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54268.exe
        8⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe
        8⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        8⤵
        
        PID:17668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55572.exe
        8⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        8⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62151.exe
        8⤵
        
        PID:17788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        8⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58946.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        7⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        7⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12255.exe
        7⤵
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20737.exe
        6⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58439.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        8⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe
        9⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        8⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11969.exe
        8⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
        8⤵
        
        PID:18056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        7⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37762.exe
        7⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55433.exe
        7⤵
        
        PID:18248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        7⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12694.exe
        7⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65188.exe
        8⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52609.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
        8⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16547.exe
        7⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        7⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
        7⤵
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        7⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        6⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        7⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14788.exe
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
        7⤵
        
        PID:17752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        7⤵
        
        PID:16508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
        6⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        6⤵
        
        PID:17744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32865.exe
        6⤵
        
        PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
        5⤵
        Executes dropped EXE
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10307.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        7⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        7⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        7⤵
        
        PID:15908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        7⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        6⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        6⤵
        
        PID:11268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        6⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55433.exe
        6⤵
        
        PID:18288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
        6⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        6⤵
        
        PID:14756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe
        6⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        6⤵
        
        PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24568.exe
        5⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46333.exe
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
        5⤵
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38350.exe
        5⤵
        
        PID:17692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        5⤵
        
        PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49757.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35834.exe
        6⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48024.exe
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9653.exe
        8⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        8⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
        8⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        8⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        8⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
        7⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        7⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        7⤵
        
        PID:16100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        7⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
        6⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
        7⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44062.exe
        7⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        7⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
        7⤵
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        6⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4426.exe
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58576.exe
        6⤵
        
        PID:17424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
        6⤵
        
        PID:368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4785.exe
        5⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        7⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        7⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        7⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17585.exe
        6⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
        6⤵
        
        PID:16184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        6⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
        6⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        6⤵
        
        PID:12660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        6⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
        5⤵
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9790.exe
        5⤵
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52123.exe
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4832.exe
        5⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        6⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        6⤵
        
        PID:12568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        6⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
        5⤵
        
        PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2572.exe
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30357.exe
        5⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        5⤵
        
        PID:18240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
      4⤵
      PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
        5⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24153.exe
        6⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
        6⤵
        
        PID:11076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43765.exe
        6⤵
        
        PID:15040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        6⤵
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
        6⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5439.exe
        5⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe
        5⤵
        
        PID:14724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        5⤵
        
        PID:17848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
      4⤵
      PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        5⤵
        
        PID:12584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        5⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        5⤵
        
        PID:18196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22200.exe
      4⤵
      PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64448.exe
      4⤵
      PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
      4⤵
      PID:16328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1393.exe
      4⤵
      PID:5880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42532.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64090.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20100.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        8⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54923.exe
        8⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        8⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        8⤵
        
        PID:18252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        8⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
        7⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        7⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52123.exe
        7⤵
        
        PID:16224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-701.exe
        6⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
        7⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
        8⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
        8⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        8⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        8⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17258.exe
        7⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        7⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
        6⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33786.exe
        7⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5306.exe
        7⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-211.exe
        7⤵
        
        PID:16300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62240.exe
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
        6⤵
        
        PID:11968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41917.exe
        6⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        6⤵
        
        PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
        6⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        7⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        7⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-502.exe
        7⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50290.exe
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        6⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        6⤵
        
        PID:18056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
        5⤵
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
        6⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53016.exe
        7⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38010.exe
        7⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28004.exe
        7⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        7⤵
        
        PID:18304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        7⤵
        
        PID:17288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29892.exe
        6⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14788.exe
        6⤵
        
        PID:13972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
        6⤵
        
        PID:17776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        6⤵
        
        PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46284.exe
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        5⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        5⤵
        
        PID:16256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16980.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        7⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        7⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        7⤵
        
        PID:18272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13144.exe
        6⤵
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1887.exe
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9252.exe
        6⤵
        
        PID:14964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12255.exe
        6⤵
        
        PID:17888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        6⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55764.exe
        7⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12650.exe
        7⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        7⤵
        
        PID:16124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
        6⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
        6⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        5⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        6⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
        6⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        6⤵
        
        PID:17412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        6⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
        5⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
        5⤵
        
        PID:17236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59850.exe
        5⤵
        
        PID:9776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44504.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4723.exe
        5⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
        6⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42251.exe
        7⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
        7⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        7⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        7⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61856.exe
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1873.exe
        6⤵
        
        PID:17900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        6⤵
        
        PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
        5⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27487.exe
        5⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
        5⤵
        
        PID:14340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
        5⤵
        
        PID:17608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
        5⤵
        
        PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe
      4⤵
      PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58221.exe
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        6⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19806.exe
        6⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
        6⤵
        
        PID:18032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        5⤵
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
        5⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
        5⤵
        
        PID:16352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
      4⤵
      PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
      4⤵
      PID:13396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
      4⤵
      PID:17144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9828.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18564.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12616.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2284.exe
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        8⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        8⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
        8⤵
        
        PID:17620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51689.exe
        7⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
        7⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
        7⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
        7⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23995.exe
        7⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65036.exe
        7⤵
        
        PID:16284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51606.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        6⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        6⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        6⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
        6⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
        7⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
        7⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        7⤵
        
        PID:17092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        6⤵
        
        PID:13564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        6⤵
        
        PID:17192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11525.exe
        5⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25915.exe
        6⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14.exe
        6⤵
        
        PID:14048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        6⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        6⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        5⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
        5⤵
        
        PID:13456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
        5⤵
        
        PID:18220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54053.exe
        5⤵
        
        PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        6⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31369.exe
        7⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27642.exe
        7⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        7⤵
        
        PID:16356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        6⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7143.exe
        6⤵
        
        PID:12740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40907.exe
        6⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        5⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        6⤵
        
        PID:12164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47518.exe
        6⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
        6⤵
        
        PID:17988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        5⤵
        
        PID:9996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        5⤵
        
        PID:13572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        5⤵
        
        PID:17172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
      4⤵
      PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59740.exe
        5⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        6⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        6⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38690.exe
        6⤵
        
        PID:18112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5738.exe
        6⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45233.exe
        5⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55963.exe
        5⤵
        
        PID:18324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
      4⤵
      PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        5⤵
        
        PID:13484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36112.exe
        5⤵
        
        PID:18276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        5⤵
        
        PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48204.exe
      4⤵
      PID:9808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
      4⤵
      PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
      4⤵
      PID:17076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
        5⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64884.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        7⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        7⤵
        
        PID:16096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
        7⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
        6⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        6⤵
        
        PID:12904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        6⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
        6⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
        6⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
        6⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11258.exe
        5⤵
        
        PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        5⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        5⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        5⤵
        
        PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
      4⤵
      PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41802.exe
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
        6⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        6⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        6⤵
        
        PID:17084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17084 -s 436
        7⤵
        Program crash
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
        5⤵
        
        PID:8576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
        5⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
        5⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        5⤵
        
        PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20103.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        5⤵
        
        PID:14352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
        5⤵
        
        PID:17624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
        5⤵
        
        PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
      4⤵
      PID:8324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
      4⤵
      PID:13004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
      4⤵
      PID:16176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4277.exe
      4⤵
      PID:16452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64070.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
        6⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        6⤵
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        6⤵
        
        PID:17060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17060 -s 436
        7⤵
        Program crash
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18602.exe
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8020.exe
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
        5⤵
        
        PID:16488
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16488 -s 464
        6⤵
        Program crash
        
        PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
      4⤵
      PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
      4⤵
      PID:10872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48779.exe
      4⤵
      PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
      4⤵
      PID:17840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37330.exe
      4⤵
      PID:7288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38847.exe
    3⤵
    PID:5600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20954.exe
        5⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        5⤵
        
        PID:13664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        5⤵
        
        PID:17224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        5⤵
        
        PID:7372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
      4⤵
      PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8020.exe
      4⤵
      PID:13168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
      4⤵
      PID:16524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
    3⤵
    PID:7572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
    3⤵
    PID:10540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43435.exe
    3⤵
    PID:13720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3967.exe
    3⤵
    PID:17536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
    3⤵
    PID:4212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64090.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14737.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        7⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        7⤵
        
        PID:17584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        7⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
        6⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5220.exe
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62084.exe
        6⤵
        
        PID:16532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        6⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
        6⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        6⤵
        
        PID:17560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        6⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
        5⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37499.exe
        5⤵
        
        PID:12000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
        5⤵
        
        PID:16008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
        5⤵
        
        PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
        5⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        7⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        7⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        7⤵
        
        PID:18260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        7⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
        6⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe
        6⤵
        
        PID:11848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe
        6⤵
        
        PID:14228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        6⤵
        
        PID:17800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        6⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6669.exe
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47705.exe
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
        6⤵
        
        PID:16512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        6⤵
        
        PID:17700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58946.exe
        5⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        5⤵
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        5⤵
        
        PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
      4⤵
      PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1485.exe
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36256.exe
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9722.exe
        6⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
        6⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9517.exe
        6⤵
        
        PID:18056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64946.exe
        5⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe
        5⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
        5⤵
        
        PID:15116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        5⤵
        
        PID:18060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        5⤵
        
        PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51789.exe
        5⤵
        
        PID:9388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4399.exe
        5⤵
        
        PID:13052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
        5⤵
        
        PID:16504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
      4⤵
      PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
      4⤵
      PID:12004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
      4⤵
      PID:14620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
      4⤵
      PID:432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49290.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
        5⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19929.exe
        6⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe
        7⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
        7⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
        7⤵
        
        PID:16720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49295.exe
        6⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        6⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        5⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        6⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14.exe
        6⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        6⤵
        
        PID:16388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23253.exe
        6⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
        5⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        5⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        5⤵
        
        PID:15940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        5⤵
        
        PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        6⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        7⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26334.exe
        7⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12929.exe
        7⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        7⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        6⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        6⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        5⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
        5⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        5⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        5⤵
        
        PID:17068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25318.exe
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        5⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        6⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
        6⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        6⤵
        
        PID:17660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42639.exe
        5⤵
        
        PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
        5⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        5⤵
        
        PID:15796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        5⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
        5⤵
        
        PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
      4⤵
      PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45765.exe
      4⤵
      PID:10016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4912.exe
      4⤵
      PID:13408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
      4⤵
      PID:17032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12433.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2502.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40686.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59482.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        7⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
        7⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28388.exe
        7⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
        7⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        7⤵
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        6⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        6⤵
        
        PID:13192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
        6⤵
        
        PID:16164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        6⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        6⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14.exe
        6⤵
        
        PID:14056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        6⤵
        
        PID:17300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17300 -s 436
        7⤵
        Program crash
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41151.exe
        6⤵
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
        5⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
        5⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
        5⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63140.exe
        5⤵
        
        PID:17992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
      4⤵
      PID:5900
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 632
        5⤵
        Program crash
        
        PID:6604
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 652
        5⤵
        Program crash
        
        PID:372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
      4⤵
      PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53361.exe
      4⤵
      PID:10116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
      4⤵
      PID:13448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
      4⤵
      PID:17124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20571.exe
      4⤵
      PID:6104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
      4⤵
      PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
        5⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
        5⤵
        
        PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56149.exe
        5⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
        5⤵
        
        PID:17472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17472 -s 444
        6⤵
        Program crash
        
        PID:17168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41261.exe
      4⤵
      PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
        5⤵
        
        PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        5⤵
        
        PID:13348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        5⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
        5⤵
        
        PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
      4⤵
      PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
      4⤵
      PID:13124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
      4⤵
      PID:17116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
    3⤵
    PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18458.exe
        5⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
        5⤵
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45493.exe
        5⤵
        
        PID:15984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        5⤵
        
        PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
      4⤵
      PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22711.exe
      4⤵
      PID:11588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
      4⤵
      PID:14748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
    3⤵
    PID:7440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
      4⤵
      PID:12020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
      4⤵
      PID:15632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
      4⤵
      PID:17656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe
      4⤵
      PID:5584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7784.exe
    3⤵
    PID:10304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5408.exe
    3⤵
    PID:14192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
    3⤵
    PID:16404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-364.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
        5⤵
        
        PID:5132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 464
        6⤵
        Program crash
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        6⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
        6⤵
        
        PID:11604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        6⤵
        
        PID:12652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        6⤵
        
        PID:16196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        5⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
        5⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12561.exe
        5⤵
        
        PID:13944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
        5⤵
        
        PID:17820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
        5⤵
        
        PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25466.exe
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        7⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        7⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        7⤵
        
        PID:17672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
        6⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        6⤵
        
        PID:12896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        6⤵
        
        PID:16084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15608.exe
        6⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        6⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        6⤵
        
        PID:17292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17292 -s 432
        7⤵
        Program crash
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49084.exe
        5⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58313.exe
        5⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
        5⤵
        
        PID:16396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
      4⤵
      PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        6⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39764.exe
        6⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
        6⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe
        5⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1860.exe
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        5⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        5⤵
        
        PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20431.exe
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        5⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54923.exe
        5⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        5⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        5⤵
        
        PID:18344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
      4⤵
      PID:8904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16349.exe
      4⤵
      PID:12072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43223.exe
      4⤵
      PID:15972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
      4⤵
      PID:3832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28355.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        7⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        7⤵
        
        PID:17216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49521.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41378.exe
        6⤵
        
        PID:12336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        6⤵
        
        PID:17524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17524 -s 464
        7⤵
        Program crash
        
        PID:712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        6⤵
        
        PID:732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        5⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14788.exe
        6⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
        6⤵
        
        PID:17580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        6⤵
        
        PID:508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        5⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
        5⤵
        
        PID:14556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
        5⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63140.exe
        5⤵
        
        PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
      4⤵
      PID:5908
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 720
        5⤵
        Program crash
        
        PID:6416
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 756
        5⤵
        Program crash
        
        PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
        5⤵
        
        PID:16748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8929.exe
      4⤵
      PID:9688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
      4⤵
      PID:12736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
      4⤵
      PID:16760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39351.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        5⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe
        6⤵
        
        PID:10168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        6⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        6⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-502.exe
        6⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
        5⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
        5⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        5⤵
        
        PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
      4⤵
      PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
        5⤵
        
        PID:9984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
        5⤵
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe
        5⤵
        
        PID:17476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17476 -s 464
        6⤵
        Program crash
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15276.exe
        5⤵
        
        PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
      4⤵
      PID:8660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
      4⤵
      PID:12392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe
      4⤵
      PID:16364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
    3⤵
    PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
      4⤵
      PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
        5⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12929.exe
        5⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        5⤵
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54399.exe
      4⤵
      PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
      4⤵
      PID:11720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
      4⤵
      PID:15952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
      4⤵
      PID:2868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
    3⤵
    PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
      4⤵
      PID:12444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
      4⤵
      PID:12844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
      4⤵
      PID:17052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
      4⤵
      PID:4428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29613.exe
    3⤵
    PID:10348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26939.exe
    3⤵
    PID:14220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28537.exe
    3⤵
    PID:16608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
    3⤵
    PID:6896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65387.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
      4⤵
      PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41610.exe
        5⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        6⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        6⤵
        
        PID:11696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16136.exe
        6⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        6⤵
        
        PID:17928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
        5⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        5⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        5⤵
        
        PID:15336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33066.exe
        5⤵
        
        PID:17652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        5⤵
        
        PID:17984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49456.exe
      4⤵
      PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54923.exe
        5⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
        5⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        5⤵
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        5⤵
        
        PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30993.exe
      4⤵
      PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54421.exe
      4⤵
      PID:12556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15706.exe
      4⤵
      PID:15832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe
      4⤵
      PID:5344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
    3⤵
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14967.exe
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53016.exe
        5⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38010.exe
        5⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        5⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        5⤵
        
        PID:18312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        5⤵
        
        PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
      4⤵
      PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
      4⤵
      PID:12548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29563.exe
      4⤵
      PID:15876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
      4⤵
      PID:16652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25201.exe
    3⤵
    PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
      4⤵
      PID:7452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
      4⤵
      PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29208.exe
      4⤵
      PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
      4⤵
      PID:16520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60882.exe
      4⤵
      PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe
    3⤵
    PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
      4⤵
      PID:10484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14788.exe
      4⤵
      PID:14116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
      4⤵
      PID:17760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43811.exe
    3⤵
    PID:10748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
    3⤵
    PID:14304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42434.exe
    3⤵
    PID:17684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
    3⤵
    PID:6512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50634.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8506.exe
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        5⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        6⤵
        
        PID:11748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64268.exe
        6⤵
        
        PID:15036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
        6⤵
        
        PID:18108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        6⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        5⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        5⤵
        
        PID:17608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12974.exe
      4⤵
      PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
        5⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
        5⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26821.exe
        5⤵
        
        PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19208.exe
      4⤵
      PID:8848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
      4⤵
      PID:12148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
      4⤵
      PID:3928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15667.exe
    3⤵
    PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
      4⤵
      PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
      4⤵
      PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
      4⤵
      PID:13416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
      4⤵
      PID:17100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
    3⤵
    PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
      4⤵
      PID:15880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
      4⤵
      PID:712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
    3⤵
    PID:10068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
    3⤵
    PID:13380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
    3⤵
    PID:16992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8506.exe
    3⤵
    PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
      4⤵
      PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        5⤵
        
        PID:13896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        5⤵
        
        PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7108.exe
        5⤵
        
        PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
      4⤵
      PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
      4⤵
      PID:11880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
      4⤵
      PID:16044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
      4⤵
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
      4⤵
      PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54308.exe
    3⤵
    PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54503.exe
      4⤵
      PID:10244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
      4⤵
      PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
      4⤵
      PID:17244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
      4⤵
      PID:5300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
    3⤵
    PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
    3⤵
    PID:13172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
    3⤵
    PID:16072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
    3⤵
    PID:16512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
  2⤵
  PID:5996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32840.exe
    3⤵
    PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
      4⤵
      PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
      4⤵
      PID:13764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28902.exe
      4⤵
      PID:17736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
      4⤵
      PID:6880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
    3⤵
    PID:5780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
    3⤵
    PID:12924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
    3⤵
    PID:16240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34211.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34211.exe
  2⤵
  PID:6004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
  2⤵
  PID:9840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
  2⤵
  PID:13516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe
  2⤵
  PID:17180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5132 -ip 5132
1⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5900 -ip 5900
1⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5908 -ip 5908
1⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5908 -ip 5908
1⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5900 -ip 5900
1⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5516 -ip 5516
1⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 16532 -ip 16532
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 16476 -ip 16476
1⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 16464 -ip 16464
1⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 16488 -ip 16488
1⤵
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 17092 -ip 17092
1⤵
PID:5820
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 368
  2⤵
  - Program crash
  PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 17084 -ip 17084
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 17060 -ip 17060
1⤵
PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 17300 -ip 17300
1⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 17216 -ip 17216
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 17012 -ip 17012
1⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 16768 -ip 16768
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4336 -ip 4336
1⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 16520 -ip 16520
1⤵
PID:1688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 17476 -ip 17476
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 17152 -ip 17152
1⤵
PID:16468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 17684 -ip 17684
1⤵
PID:17140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 17152 -ip 17152
1⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 17736 -ip 17736
1⤵
PID:16636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 17584 -ip 17584
1⤵
PID:16748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 18192 -ip 18192
1⤵
PID:17168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 17776 -ip 17776
1⤵
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 17788 -ip 17788
1⤵
PID:16612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 18200 -ip 18200
1⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 18228 -ip 18228
1⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 18176 -ip 18176
1⤵
PID:10908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10182.exe

Filesize
184KB

MD5
8f8eb0e4b5884d8a9a06b4e2b122dccc

SHA1
4a6588db2cdae0ab1a92eea0408805d2e1694f2c

SHA256
d27912b01649408fcb8854c0f17618c5fd28ee570fb62c78b60bf2d07517e19a

SHA512
9eec5954daa0164d848afcd8acd994d8f1addc3ef3bb2a4535fd95bb88e1c056e11911be30cd77aa4929b140e41e2240d774dfa996e84bbb83ce5fe948b71347

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11443.exe

Filesize
184KB

MD5
63b592df0abf1d271873d1643431dc05

SHA1
b1313f2d7651ba6f9188feb24bcf14971563d229

SHA256
5526c4396dd20f89b09e7e9c063297db5a7cd8841625bdafa452785b1771a23d

SHA512
38f190826eefe457a4c07921485e4a43cf101130894504873c1cbf1b1371280d28748ab7fbb39337ee9dd99db4fa69bf835e5ccd3ac58a8cacaffa2d492cbee4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12433.exe

Filesize
184KB

MD5
f518fa037583adca5b947afd55d8a82c

SHA1
7e35c4ceecbeb264c589b1b2ccb0e1123fa86270

SHA256
117e022215c8bc26d9eebff4bd80d236b7399db80b7a9586eaa0aa71deeb51e9

SHA512
377d3b494b4d4fefc674ec20078f76fd68152a741dee46d47965910735002b42e74874dee864c805c7cdbc33371df06500297c5b922592562d2b0931ebecd3a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe

Filesize
184KB

MD5
8355e25a40180971d53681f7582512a2

SHA1
d226999d5fd4c7e49d621c21508a6e10f4406d68

SHA256
b0a08de22ec2ae5e1eaa4af37befd3b3300fd58abbf27adf91610ef14285e64f

SHA512
f101d8e6c0f49a1d33c18c5be6ad8399caa20f8cacf264485f64da7e1797b4cad3a6d638fc8635a466f5d12c999a7e9238cd26e25610a7c8f97fabea1a015934

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16980.exe

Filesize
184KB

MD5
60a8955443ae4a5e980af368be72bc07

SHA1
5f9e9c9521732467480e84ab69e22659f28cedcc

SHA256
9b3f68b719e12cf3249759b4d771644a0a6e8ed9c40619441f03402cdaad9318

SHA512
6a7961ba8376210c95dc669ba3cc6c5327dc1ef59f02eb81771d0cf4704b54db609acc75da159e44f993b40b2940125a9c7e3ed071fdedb7cfdfb918085af3d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18564.exe

Filesize
184KB

MD5
08a1cdd10543094f66e174e61b72555e

SHA1
6b0cfe5466acbf12d1f5f579304e21339c4305e1

SHA256
b9a1ae3b1100fc28a676cdf3af77e9e03874d466747176ffd743f48dff880013

SHA512
7eec1f578debdef5cad3a661332285a1f814406b6da96f3067f2abf48273918aa8c5a60d977d731d4fe0a03193e6277699791a68e036b2806a7f593a3df57839

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe

Filesize
184KB

MD5
dd2bc63290334912c08a4d16fddaa027

SHA1
85dc1f0b2a24c41b24be4a8428d326aa2326d456

SHA256
acd8ff5d7d48673fa8375fe1c954354b7eefe41038fd8ad531bc5b1144eb7bd6

SHA512
bfc09003e9dc9dd180add7e13bbe061a68c14297fec8f90d5d4b7d90682bcd909a8a226cdbbf21744eb9a7310538e28ee36236079084f06cf57660d91015c001

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe

Filesize
184KB

MD5
59a33b238d241c8c0e2c26a54a8b52e0

SHA1
142c1b0e3ad331c2a0e3798f0aa77e3784800882

SHA256
626defb925f4c6123336c4f869d028b188310c99e81244c8da7e44919c974bd5

SHA512
fa7cf2a409a85c37696f81b2b4f78a6e3e03eb10f655cbdf930e2dae1474e6bf98565fd56232e389857cf1fd5757db6b73fc5a6c9c5463dad24d4b378bb3b03a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe

Filesize
184KB

MD5
e85106a20dcd36ab37e36d426647e8f5

SHA1
5472ef3029025700daa9c17db21274a1a350ac6f

SHA256
8e579e7cbd6d50f1c8fe3c329fe0f8c4b46c7709ea7ee774333a66bd32fc325e

SHA512
5819dda9d545eb203413ffa27c3d3d694a4985a13651be73aaed4c6fa5796907c4c88ac80b9ed315faec9077c7dfbe5942d7028f3dc3776f477b442b2e25547f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26265.exe

Filesize
184KB

MD5
2a434ffa212a4b775db4998f79343e65

SHA1
70a3b81de2cc273c1b671d8b2d75f65e02654cc5

SHA256
3add037220a16ee1c333c8a5dd47176d8c22ba942492fa12188d76e590ca8f91

SHA512
8e6ede2f47adb23e6cf0068a338bbff7b85b79464b6432c4bbdf1a2be0fd760a12853612f4c0ce12a32e31f038d6b7374c8870ea813214eb1a9218c867a73413

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28355.exe

Filesize
184KB

MD5
10801c25680a1d1dbb1089e8a4f9b337

SHA1
6e6445d65789d734677634498d077acaa93e09d7

SHA256
61bd7d65446b43ae29a81ed8511955fbddc65e7f833997d1f21db39389388351

SHA512
0bf6d645a926323e7163922b0741ca2fd5b431dca82c1dcbbb6780e06a2f59f6ffad485b8bcdcaa1be3a4262583da61f7875024171f4570a227a7bdcf6ef724b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28382.exe

Filesize
184KB

MD5
1bf0723334024d7c3a1d580eeeaa5471

SHA1
49eeba13f907e0143ed482e45c41b8ad4759329a

SHA256
e6ff8b69eaa1c4520635af9c6893b2acdfee1dfceab0e880f54daa7685ad6b18

SHA512
7d98da39cf9622d800ba8e727f91809c77ce05fe84a515c2e4e91daf04ee4050162f86fad6fec5daf0b9ef8e7e1d4ed77fbaa63c9daf41e2afa648eca11e55e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exe

Filesize
184KB

MD5
6085dab66b05674b4fd1aa42b44674c3

SHA1
ee7eb480e1184da8122fb1d831ad4d1eba6ddade

SHA256
a1d5cc7fac8942657c2b3d7cdb66c4cc716cdbbc27af81e39f66c2314af89cd3

SHA512
a1c60dbba08e8d8f93be136384fde07e06be4fa8f1724954c6d90e1cf470db898938786f0561cfa98fa2c7fa614d07d4637d68740f17938876b2d1afb625e48c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32186.exe

Filesize
184KB

MD5
471aab710b06e74ab7c373e810565728

SHA1
276b6ed63ae526ad4a7df2fc3d6dfddc0a75d0db

SHA256
59e79e78951de70aa53d89aa6530747be1d1997404a60d99279acafe966e7d0d

SHA512
d7d4b79e147989d758e31c30877c524f0c7c1645c406b84a7d3b969a24b946f044c292fd5d2b82f45f3339f21b4a508e39c4593656c3f6fd39703daa3e7c537a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe

Filesize
184KB

MD5
0fb0476089b776eb5c17bf115a6437b0

SHA1
207333b52caf590b56561a84a9b0c31102234df7

SHA256
7cc002d0a0c20830eca8b019c3d865615fb1209e44a8ceee6741c822f1d06683

SHA512
fc9c3f380a8a4d5c583dc26bd546ee1fbf73970e681721defe8c0c0e7db6c75129ca942f1a94f2bab87593e4e5d3c61ec3a82765d8dd039dc40fc6e2c4fbdb00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39560.exe

Filesize
184KB

MD5
b03f09712c6f0ac73fe22cdc84812b70

SHA1
c81f44e5021e73808b94eb4f57a3b15430ca7faa

SHA256
70f91a29a4f79cef87f8f883537fa8d93b897fa2718edf4be7a7303304e79af5

SHA512
497937e294c9f890efb2238428a8872064c3b14d8a0d4ffab8d2cda7bdfa10afce1a40e9516e536c6985d473c1bbb32b2b6661845ba529fd1b9ddd33defd4422

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40686.exe

Filesize
184KB

MD5
14ec4d6f0e83f42ebb80da2d2639c1b1

SHA1
0f83a3e4caef34d201561855d6deeda83aa9ffee

SHA256
bbf71f00ddb57652820ef1c91db02473e04018133fac6a23dae135d1298a0441

SHA512
a265e4d9541986d6f6f7a601c35c42be5c3d398e8ecc87f56f57c1ef857cb4775392b862702f26ea290926e2feadd4b21f39adb2a309d2d18d6d0540a3f90be4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe

Filesize
184KB

MD5
8ce0a8585f204698207101e6cc9a78a9

SHA1
eaf15bc0903147d9973e2da407f4ffb0f415f4f3

SHA256
85829a525534a820ed6a2358914a37b205ef8c79d7dea3af418ce4b496419076

SHA512
b78c233406b658a160fd278f3a8d09ec4323746f9c9938255343bdfa05137b9907456a2ca7c20737d4f8d01b61aa5efb430226a6aaf039d6cdbbcb5a94f6accd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42532.exe

Filesize
184KB

MD5
c6be450c20b7dc86ad079807a0e60566

SHA1
5c6f3a06d12953da1fc6573048cd5d52ce6e5add

SHA256
29e6de3a0ebd809ee78643ac2d7687ad66594ee9e8031f7dcc9c6382b1553c17

SHA512
14cda6a9db1fe34efdc979efc927311c9dece0fa200dd4dcd376f14170bf5ea4f3c914edefd411104636f043ba6f47ce2425b302d31401dae986dad5816ed743

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe

Filesize
184KB

MD5
e60f6ff3b52419837bc465747c738537

SHA1
11484d13d0e36a0476255f2af01903df3e4167db

SHA256
33fb66e7296399bf944b47994b8ad51a842a43019205477501cf473d7a36ffde

SHA512
0b9f1565959e0e0463d1dc9f5021e102027c8a11a553bf3216aceaff175765220a3c4c0e435d9ccca758994e04a06a1cce280764c238d681f6b8c9282ac7709d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe

Filesize
184KB

MD5
d3984d9e5c87d8e287dd16b25bf937fc

SHA1
60128972547d8c38e97241c7e657a7b8879753af

SHA256
c8ed7adf2eb288101cd5e6e99168b4a0320d0d00285e9ff7e84deb54aa87c346

SHA512
9228c317dc0eb47f24bf6b56e35d337b4430235fa175e45838a8b774cf2664130b44845648a040c3e9e5203aafd91dfd25913b6d166f9073f487dd5b82466be2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49290.exe

Filesize
184KB

MD5
8ef40b8a0e247fbe26ed743153a4b899

SHA1
7867b9b44d6518575ce3ec8d2641a9099104e023

SHA256
c7ea8c210c35c1cf1699fd029a9470ae74adfeb1771bf0d74bdf09415c9bc7a6

SHA512
a3bd9066b4751e438817c2d055d380125d7489f87eacceb5ca719158ceb9fa61ee55cedbabddc6ff3cf9f1ae1d80a15f914c2a03c71ac2363691fb1b4728bf92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe

Filesize
184KB

MD5
f5954c8f5d1fece083899b0b297b117e

SHA1
9c8b5b7b0b371915d345b9497bdd2e82be327baa

SHA256
befc68ad5a223574bdddf234cbdacfc48409a62073803d9dedf3662607777de4

SHA512
102eb5327f98d22c704e9e182567b1fedfa8e5e8e36d29640dad2e9dca52935df3ee3fca20de68f91b0fc2a7d60ba11c8e54ca30b73675f36c9bf3180437bc0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe

Filesize
184KB

MD5
bb511b8e26400c221ca7d42b09f753c5

SHA1
50e5909bc10e527a6d6ae320e7afe6f566e38087

SHA256
945e561eb6f4cbca8ae8d1d69903bf6f3fb11eb8745a0311beedc5a0a8cd2755

SHA512
fb62f99b5b1cced019fbbea4b3819570b0b50546c7ddf17e796269ab2983d165b9b40b289182e4643086e648b557f089bbf991c049683d0680ee05212b70f02f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe

Filesize
184KB

MD5
9e70a2e5e769c073f487dd2acf7f9713

SHA1
85a3bc7eca0a7918169c2112a90c1d153d0bc4b1

SHA256
28a3e795145a111690fb9d40a29e2f4a26761edad4935b5d6dab04bc879056ec

SHA512
dd20a5f9aeeabc697520ac6d06b0432eda88038a8082071454166a4f029451ca19694f471d4358ebf3048f4937314cd1365a111321f46d2c9e241fed9a70cb52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe

Filesize
184KB

MD5
99cf1bacc403c26d7dde4acffc1b308b

SHA1
d4825ffb6fe331dd51fee197ea5ce26d05f97451

SHA256
19b18d83e2f4f6daebe1976b3bc323137e30b8a7b4f365e76322757bf40c84b0

SHA512
c576f6a256f488b413fa55d093f887a5bebe9b713e5291303e456d69f42a72a44b194571b503ce7f43a5314cf5997fd746123fb7a877072c84797d3144644e46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe

Filesize
184KB

MD5
95d6d51e4325f75fca067b41610e1346

SHA1
846a050779daf6c21fbc056274a022d307e88032

SHA256
c185b9fe07455ad329054948cb39a7c29e84add107958c3933d0046e2f07e237

SHA512
d037cc69c0bb4db2635ed523c4740771b01cd80a6e97391944d34799e209293ad3233257fe74c0c97c74a1bc146c438b00c3130f8731850d4a8d68301ca4be6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe

Filesize
184KB

MD5
bffc46d1bab619474ad317972ef26137

SHA1
1e71e98b8bfe1c50454a7410cd44b4539c08d557

SHA256
58f3e2af3a51013db461bcbc667ee58d788dc4cfdf309f37cbc7475d4caf5d44

SHA512
f54a9ef898323280e9ca66a3da93d38a8be5e86db5d05eb405d449e0778ea6d6033ded35292339642372679eb4aa942b5a720dc1215cdb372bd9640afd3c5a6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exe

Filesize
184KB

MD5
42df6cc3d449ce23496371c16a99c8aa

SHA1
b66797e3d67dfb62cabfb1bc8feeedcedb56fca4

SHA256
3114600806a0173568fd58c44c91223c07889fffb065a27a84268d1e34fe3476

SHA512
ec895ce5020edcc03672d2a93c920c49ecdc36eedc1742e709a3e21a836cf3501b443a51e669d994cdb83c46c6dd3b5520f6c9db9537605d9584a8e07cc76278

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64090.exe

Filesize
184KB

MD5
f318e32ca0d9745c5c116e92d6985ee1

SHA1
b507144f4e6a0659e2d1e6ccc8c32038d5f3613f

SHA256
e284bd64887ec013614049de594e22323af61fbd1bc303ca13c5dc7b0e8fe277

SHA512
ff48731a0ec8cf737d228ae9c1dead4ec44a145255ee41acbe2c081f8350de583f7bf794ef440182be26053bf49aabb20a8d86c210a1aff3e6515ef9ec726dc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe

Filesize
184KB

MD5
e0159786e74944b16af014b27156b3e5

SHA1
35acd20f20b19cd5fb5a29d03296c49c5f182fed

SHA256
ab356fc62544b5e7f497349289e0382e64c09cbb9e56ab9fb1eee41311d3a8b2

SHA512
64843569ae547df00efa036bfeed4e54151b8a4ea1b8e7fba4398d4b2cb8ba358b01f617be5a41f9db886604fb909da497ecf480d47767bd6542f65cdbca4af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-701.exe

Filesize
184KB

MD5
80e8662ac4aaa0ce37fcadf098e34b87

SHA1
9c209414a45ea294d653d203ede122af224f1b9b

SHA256
bb200138b94dcc6ba1e7a39f31b62bc8c797ad63aa69e3741d1da8e467ad7c9f

SHA512
cb583769a27985e233f5574ad6f931f9326900949ae6d65f95e54b6baad93da69c8c7779f13ba430a1594d66443fd508c026139e78eb97b10c859fac43554bf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe

Filesize
184KB

MD5
f7f5bdc5ec0d67c35a50465d547c2864

SHA1
9f9376cff5350e40c252b3528c7359d0a423cb6d

SHA256
00e032aa926865f8be7ee8972156ecbd8f03d8a2fd83926c9c282bd1c9f9378f

SHA512
9227cadd9eeb3cd4e67c517aed7a04647018d394637e01d1640bca16bd2b5e1fe9b0753421257f85ef242fb7eee305a6d6773bf1c2aa98e0f88fc8ccf67f0902

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9828.exe

Filesize
184KB

MD5
e2c1ea00340bbe960c7b66df02e58d90

SHA1
b15e65ea545358e5bfa32a6a72b4ed121068d621

SHA256
b49357cee4ef88bc7bc1fcf99507734a109d552726912c2c3613a843d1ef09dc

SHA512
425090d20781f5c20c6e87d43de00a49e499cb28ad052c41bdae2d3a55ed3da2be0d1d4b3f1c317245431eaab19f07159b12f0c59456474863465284590ac6c3

Download Submit
memory/508-3812-0x00007FFF993D0000-0x00007FFF99429000-memory.dmp

Filesize
356KB

Download
memory/1204-3816-0x00007FFF993D0000-0x00007FFF99429000-memory.dmp

Filesize
356KB

Download
memory/14064-3815-0x00007FFF993D0000-0x00007FFF99429000-memory.dmp

Filesize
356KB

Download
memory/16472-3814-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/18200-3839-0x0000000074C00000-0x0000000074D5D000-memory.dmp

Filesize
1.4MB

Download
memory/18512-3825-0x0000000075D80000-0x0000000075DF5000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads