f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80.exe
Size

184KB
MD5

02200f55cd9ccc88d7962062df7d1461
SHA1

c4de8d7b6d3ddc1d7c8047d3603423754d8c9dd1
SHA256

f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80
SHA512

ba2f6c7dd31daf83d76d355e8fa8b04cd7e52539edd5bb82dcea47988624f97916856e95918988ad2ab013ddbc28d4c9a39f5a19a3ee10a293f31483818f73ae
SSDEEP

3072:PPU63konsbkJdVXZW+pn8x/zElvnqnxiuH:PPeo7HVXJ8dzElPqnxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4716	Unicorn-31889.exe
1096	Unicorn-29183.exe
1840	Unicorn-12332.exe
3040	Unicorn-589.exe
3424	Unicorn-2021.exe
544	Unicorn-33070.exe
1552	Unicorn-56789.exe
4960	Unicorn-36246.exe
4964	Unicorn-46038.exe
4900	Unicorn-16511.exe
1512	Unicorn-57543.exe
3392	Unicorn-2212.exe
1408	Unicorn-65446.exe
2344	Unicorn-45846.exe
112	Unicorn-42285.exe
1856	Unicorn-13189.exe
2068	Unicorn-4829.exe
3876	Unicorn-1300.exe
2848	Unicorn-6867.exe
3588	Unicorn-10558.exe
1912	Unicorn-47486.exe
3516	Unicorn-30102.exe
4008	Unicorn-13573.exe
5020	Unicorn-39893.exe
4584	Unicorn-15419.exe
548	Unicorn-50829.exe
1280	Unicorn-51134.exe
4352	Unicorn-5213.exe
4088	Unicorn-32022.exe
1760	Unicorn-63717.exe
3580	Unicorn-63469.exe
4648	Unicorn-6998.exe
2020	Unicorn-5332.exe
4412	Unicorn-59494.exe
3776	Unicorn-25582.exe
4440	Unicorn-59878.exe
2212	Unicorn-33750.exe
3212	Unicorn-58254.exe
608	Unicorn-6780.exe
224	Unicorn-17443.exe
896	Unicorn-53423.exe
3952	Unicorn-2940.exe
916	Unicorn-3070.exe
2520	Unicorn-16483.exe
4768	Unicorn-63838.exe
2936	Unicorn-6469.exe
4372	Unicorn-44487.exe
1904	Unicorn-3132.exe
3352	Unicorn-60823.exe
1360	Unicorn-14637.exe
3160	Unicorn-62173.exe
920	Unicorn-10619.exe
2952	Unicorn-62421.exe
3564	Unicorn-21133.exe
3664	Unicorn-16484.exe
1612	Unicorn-5566.exe
2128	Unicorn-46215.exe
960	Unicorn-34517.exe
4760	Unicorn-65109.exe
2516	Unicorn-62551.exe
4240	Unicorn-47943.exe
4252	Unicorn-44828.exe
3672	Unicorn-64663.exe
3124	Unicorn-52006.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
6324	960	WerFault.exe	155
5260	5568	WerFault.exe	186
8016	7392	WerFault.exe	306
16088	4496	WerFault.exe	294
18000	15572	WerFault.exe	751
19368	18000	WerFault.exe	934

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	8236	dwm.exe
Token: SeChangeNotifyPrivilege	8236	dwm.exe
Token: 33	8236	dwm.exe
Token: SeIncBasePriorityPrivilege	8236	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4736	f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80.exe
4716	Unicorn-31889.exe
1096	Unicorn-29183.exe
1840	Unicorn-12332.exe
3040	Unicorn-589.exe
3424	Unicorn-2021.exe
544	Unicorn-33070.exe
1552	Unicorn-56789.exe
4960	Unicorn-36246.exe
4964	Unicorn-46038.exe
4900	Unicorn-16511.exe
1512	Unicorn-57543.exe
2344	Unicorn-45846.exe
3392	Unicorn-2212.exe
1408	Unicorn-65446.exe
112	Unicorn-42285.exe
1856	Unicorn-13189.exe
2068	Unicorn-4829.exe
3876	Unicorn-1300.exe
2848	Unicorn-6867.exe
3588	Unicorn-10558.exe
4008	Unicorn-13573.exe
5020	Unicorn-39893.exe
4352	Unicorn-5213.exe
3516	Unicorn-30102.exe
1912	Unicorn-47486.exe
548	Unicorn-50829.exe
4584	Unicorn-15419.exe
1280	Unicorn-51134.exe
4088	Unicorn-32022.exe
1760	Unicorn-63717.exe
3580	Unicorn-63469.exe
4648	Unicorn-6998.exe
2020	Unicorn-5332.exe
4412	Unicorn-59494.exe
3776	Unicorn-25582.exe
4440	Unicorn-59878.exe
2212	Unicorn-33750.exe
3212	Unicorn-58254.exe
608	Unicorn-6780.exe
224	Unicorn-17443.exe
896	Unicorn-53423.exe
3952	Unicorn-2940.exe
916	Unicorn-3070.exe
2520	Unicorn-16483.exe
4768	Unicorn-63838.exe
920	Unicorn-10619.exe
3352	Unicorn-60823.exe
2936	Unicorn-6469.exe
4372	Unicorn-44487.exe
1904	Unicorn-3132.exe
3564	Unicorn-21133.exe
3160	Unicorn-62173.exe
1360	Unicorn-14637.exe
2952	Unicorn-62421.exe
1612	Unicorn-5566.exe
3664	Unicorn-16484.exe
960	Unicorn-34517.exe
2128	Unicorn-46215.exe
4760	Unicorn-65109.exe
4240	Unicorn-47943.exe
2516	Unicorn-62551.exe
4252	Unicorn-44828.exe
3672	Unicorn-64663.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 4716	4736	f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80.exe	92
PID 4736 wrote to memory of 4716	4736	f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80.exe	92
PID 4736 wrote to memory of 4716	4736	f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80.exe	92
PID 4716 wrote to memory of 1096	4716	Unicorn-31889.exe	95
PID 4716 wrote to memory of 1096	4716	Unicorn-31889.exe	95
PID 4716 wrote to memory of 1096	4716	Unicorn-31889.exe	95
PID 4736 wrote to memory of 1840	4736	f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80.exe	96
PID 4736 wrote to memory of 1840	4736	f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80.exe	96
PID 4736 wrote to memory of 1840	4736	f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80.exe	96
PID 1096 wrote to memory of 3040	1096	Unicorn-29183.exe	98
PID 1096 wrote to memory of 3040	1096	Unicorn-29183.exe	98
PID 1096 wrote to memory of 3040	1096	Unicorn-29183.exe	98
PID 4716 wrote to memory of 3424	4716	Unicorn-31889.exe	99
PID 4716 wrote to memory of 3424	4716	Unicorn-31889.exe	99
PID 4716 wrote to memory of 3424	4716	Unicorn-31889.exe	99
PID 1840 wrote to memory of 544	1840	Unicorn-12332.exe	100
PID 1840 wrote to memory of 544	1840	Unicorn-12332.exe	100
PID 1840 wrote to memory of 544	1840	Unicorn-12332.exe	100
PID 4736 wrote to memory of 1552	4736	f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80.exe	101
PID 4736 wrote to memory of 1552	4736	f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80.exe	101
PID 4736 wrote to memory of 1552	4736	f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80.exe	101
PID 3040 wrote to memory of 4960	3040	Unicorn-589.exe	104
PID 3040 wrote to memory of 4960	3040	Unicorn-589.exe	104
PID 3040 wrote to memory of 4960	3040	Unicorn-589.exe	104
PID 1096 wrote to memory of 4964	1096	Unicorn-29183.exe	105
PID 1096 wrote to memory of 4964	1096	Unicorn-29183.exe	105
PID 1096 wrote to memory of 4964	1096	Unicorn-29183.exe	105
PID 3424 wrote to memory of 4900	3424	Unicorn-2021.exe	106
PID 3424 wrote to memory of 4900	3424	Unicorn-2021.exe	106
PID 3424 wrote to memory of 4900	3424	Unicorn-2021.exe	106
PID 544 wrote to memory of 1512	544	Unicorn-33070.exe	107
PID 544 wrote to memory of 1512	544	Unicorn-33070.exe	107
PID 544 wrote to memory of 1512	544	Unicorn-33070.exe	107
PID 4716 wrote to memory of 3392	4716	Unicorn-31889.exe	108
PID 4716 wrote to memory of 3392	4716	Unicorn-31889.exe	108
PID 4716 wrote to memory of 3392	4716	Unicorn-31889.exe	108
PID 4736 wrote to memory of 1408	4736	f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80.exe	109
PID 4736 wrote to memory of 1408	4736	f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80.exe	109
PID 4736 wrote to memory of 1408	4736	f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80.exe	109
PID 1840 wrote to memory of 2344	1840	Unicorn-12332.exe	110
PID 1840 wrote to memory of 2344	1840	Unicorn-12332.exe	110
PID 1840 wrote to memory of 2344	1840	Unicorn-12332.exe	110
PID 1552 wrote to memory of 112	1552	Unicorn-56789.exe	111
PID 1552 wrote to memory of 112	1552	Unicorn-56789.exe	111
PID 1552 wrote to memory of 112	1552	Unicorn-56789.exe	111
PID 4960 wrote to memory of 1856	4960	Unicorn-36246.exe	112
PID 4960 wrote to memory of 1856	4960	Unicorn-36246.exe	112
PID 4960 wrote to memory of 1856	4960	Unicorn-36246.exe	112
PID 4964 wrote to memory of 2068	4964	Unicorn-46038.exe	113
PID 4964 wrote to memory of 2068	4964	Unicorn-46038.exe	113
PID 4964 wrote to memory of 2068	4964	Unicorn-46038.exe	113
PID 3040 wrote to memory of 3876	3040	Unicorn-589.exe	114
PID 3040 wrote to memory of 3876	3040	Unicorn-589.exe	114
PID 3040 wrote to memory of 3876	3040	Unicorn-589.exe	114
PID 1096 wrote to memory of 2848	1096	Unicorn-29183.exe	115
PID 1096 wrote to memory of 2848	1096	Unicorn-29183.exe	115
PID 1096 wrote to memory of 2848	1096	Unicorn-29183.exe	115
PID 1512 wrote to memory of 3588	1512	Unicorn-57543.exe	117
PID 1512 wrote to memory of 3588	1512	Unicorn-57543.exe	117
PID 1512 wrote to memory of 3588	1512	Unicorn-57543.exe	117
PID 3424 wrote to memory of 1912	3424	Unicorn-2021.exe	116
PID 3424 wrote to memory of 1912	3424	Unicorn-2021.exe	116
PID 3424 wrote to memory of 1912	3424	Unicorn-2021.exe	116
PID 2344 wrote to memory of 3516	2344	Unicorn-45846.exe	119

C:\Users\Admin\AppData\Local\Temp\f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80.exe
"C:\Users\Admin\AppData\Local\Temp\f8c7be6836665b9e2de1442851c2991f96202653c027b29998c0ef6969835b80.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-589.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64663.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46350.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
        10⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44293.exe
        10⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30244.exe
        10⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        10⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        10⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
        10⤵
        
        PID:19248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        9⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
        10⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
        10⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12500.exe
        10⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        9⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
        9⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
        9⤵
        
        PID:17084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        9⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16539.exe
        9⤵
        
        PID:18724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7998.exe
        9⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        9⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54700.exe
        9⤵
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        9⤵
        
        PID:17484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
        9⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        8⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        8⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        8⤵
        
        PID:16120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        8⤵
        
        PID:18512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        7⤵
        Executes dropped EXE
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8789.exe
        9⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24277.exe
        9⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        9⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        9⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40961.exe
        9⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        8⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        8⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        8⤵
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        8⤵
        
        PID:17384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
        8⤵
        
        PID:18812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10821.exe
        8⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32964.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
        8⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
        8⤵
        
        PID:17252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
        7⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22156.exe
        7⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
        7⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        7⤵
        
        PID:17536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46860.exe
        7⤵
        
        PID:18912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6526.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        8⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28502.exe
        9⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48533.exe
        9⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52069.exe
        9⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        9⤵
        
        PID:17844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
        9⤵
        
        PID:18868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
        9⤵
        
        PID:18572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
        8⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40717.exe
        8⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8868.exe
        8⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        8⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49172.exe
        7⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41486.exe
        8⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe
        8⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
        8⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60982.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37003.exe
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe
        7⤵
        
        PID:16920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        7⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
        6⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        8⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        8⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
        8⤵
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        8⤵
        
        PID:18368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51900.exe
        7⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8868.exe
        7⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        7⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52437.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30380.exe
        7⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11363.exe
        7⤵
        
        PID:14624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        7⤵
        
        PID:17584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46860.exe
        7⤵
        
        PID:19308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
        6⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        6⤵
        
        PID:14240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57028.exe
        6⤵
        
        PID:17764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33750.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe
        7⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        8⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54734.exe
        9⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        9⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        9⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        9⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        9⤵
        
        PID:18636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
        8⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
        8⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37691.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5812.exe
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57725.exe
        7⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        8⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        8⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
        8⤵
        
        PID:14808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35958.exe
        8⤵
        
        PID:17220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        7⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
        7⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61110.exe
        7⤵
        
        PID:17496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34621.exe
        6⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
        8⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        8⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
        8⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
        8⤵
        
        PID:17288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        8⤵
        
        PID:19008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28854.exe
        8⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
        7⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        7⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe
        7⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52301.exe
        6⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39781.exe
        7⤵
        
        PID:16496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        7⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        6⤵
        
        PID:18136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
        6⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        6⤵
        
        PID:17288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17443.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        6⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        7⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
        7⤵
        
        PID:17328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
        7⤵
        
        PID:18648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        6⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59903.exe
        7⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        7⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14228.exe
        7⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
        6⤵
        
        PID:13328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20445.exe
        6⤵
        
        PID:16408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10926.exe
        6⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        6⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe
        7⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        7⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
        7⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15588.exe
        7⤵
        
        PID:18680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36669.exe
        6⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
        6⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        6⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1444.exe
        6⤵
        
        PID:18272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64524.exe
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
        6⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50860.exe
        6⤵
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        6⤵
        
        PID:17188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
        5⤵
        
        PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19763.exe
        5⤵
        
        PID:15584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
        5⤵
        
        PID:18424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
        7⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37252.exe
        8⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
        9⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        9⤵
        
        PID:13100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        9⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        9⤵
        
        PID:17836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39580.exe
        8⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        8⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        8⤵
        
        PID:16728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        8⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33604.exe
        7⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30230.exe
        8⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
        8⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11363.exe
        8⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        8⤵
        
        PID:17472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
        7⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        7⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        7⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        7⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
        7⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
        6⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
        8⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        8⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        8⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        8⤵
        
        PID:18408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54246.exe
        7⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        7⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        7⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        7⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35581.exe
        6⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        7⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
        7⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
        7⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        7⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54853.exe
        6⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
        6⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        6⤵
        
        PID:17776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        6⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
        6⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
        7⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe
        8⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
        8⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
        8⤵
        
        PID:16232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        8⤵
        
        PID:18156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
        7⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20108.exe
        7⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
        7⤵
        
        PID:17820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21580.exe
        7⤵
        
        PID:19228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45340.exe
        7⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43500.exe
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30230.exe
        7⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        7⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        7⤵
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1444.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe
        7⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16972.exe
        6⤵
        
        PID:12452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        6⤵
        
        PID:15880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28830.exe
        6⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46172.exe
        5⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37252.exe
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
        7⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        7⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
        7⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
        7⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39580.exe
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        6⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        6⤵
        
        PID:16716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        6⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        6⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        6⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        6⤵
        
        PID:15388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
        6⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        5⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40540.exe
        5⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60982.exe
        5⤵
        
        PID:14280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57028.exe
        5⤵
        
        PID:17828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
        6⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34311.exe
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
        8⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
        8⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe
        8⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        8⤵
        
        PID:17280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
        8⤵
        
        PID:18628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
        8⤵
        
        PID:18904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48325.exe
        7⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        7⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
        7⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe
        7⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38565.exe
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10821.exe
        7⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32964.exe
        7⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        7⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
        7⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24483.exe
        6⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-204.exe
        6⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9252.exe
        6⤵
        
        PID:17912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3379.exe
        6⤵
        
        PID:18756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9325.exe
        7⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9533.exe
        7⤵
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49285.exe
        6⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44116.exe
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38718.exe
        6⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        6⤵
        
        PID:17400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35581.exe
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        6⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10069.exe
        6⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        6⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        6⤵
        
        PID:17516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
        5⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
        5⤵
        
        PID:12008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
        5⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
        5⤵
        
        PID:17924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        5⤵
        
        PID:8644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6780.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        5⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37252.exe
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
        7⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39781.exe
        7⤵
        
        PID:16576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        7⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60020.exe
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17221.exe
        7⤵
        
        PID:19408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
        6⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31886.exe
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4147.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
        6⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        6⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
        6⤵
        
        PID:11448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
        6⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        6⤵
        
        PID:16724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51645.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
        5⤵
        
        PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8563.exe
        5⤵
        
        PID:14568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61110.exe
        5⤵
        
        PID:17576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57892.exe
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57357.exe
        6⤵
        
        PID:14392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        6⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37909.exe
        5⤵
        
        PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        5⤵
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10316.exe
        5⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        5⤵
        
        PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
      4⤵
      PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
        5⤵
        
        PID:7508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16980.exe
        5⤵
        
        PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        5⤵
        
        PID:15600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        5⤵
        
        PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
      4⤵
      PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22043.exe
      4⤵
      PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe
      4⤵
      PID:15380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
      4⤵
      PID:18176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2021.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        7⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
        8⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
        8⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50638.exe
        8⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26571.exe
        8⤵
        
        PID:18336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51285.exe
        8⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        7⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        7⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4339.exe
        7⤵
        
        PID:15868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49974.exe
        7⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        6⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
        7⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10645.exe
        7⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57357.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
        7⤵
        
        PID:16880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        6⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        6⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        6⤵
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
        6⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44828.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        7⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        7⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
        7⤵
        
        PID:16492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        7⤵
        
        PID:18864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
        6⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54988.exe
        6⤵
        
        PID:16740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
        6⤵
        
        PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        6⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21397.exe
        6⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        6⤵
        
        PID:14952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        6⤵
        
        PID:16948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30583.exe
        5⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        5⤵
        
        PID:16464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        7⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        7⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        7⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
        7⤵
        
        PID:16784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17781.exe
        7⤵
        
        PID:18784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        6⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 632
        7⤵
        Program crash
        
        PID:16088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36861.exe
        6⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
        6⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        6⤵
        
        PID:16624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
        6⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16539.exe
        6⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59742.exe
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27966.exe
        6⤵
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30822.exe
        5⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30052.exe
        5⤵
        
        PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61110.exe
        5⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19486.exe
        5⤵
        
        PID:19216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51292.exe
        5⤵
        
        PID:19052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
        5⤵
        
        PID:8724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10619.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1477.exe
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59967.exe
        6⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
        7⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20020.exe
        7⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14996.exe
        7⤵
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39876.exe
        6⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25636.exe
        6⤵
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        6⤵
        
        PID:16312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        6⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62723.exe
        6⤵
        
        PID:18600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24637.exe
        5⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1797.exe
        6⤵
        
        PID:10788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        6⤵
        
        PID:14356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59044.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23564.exe
        6⤵
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49012.exe
        5⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21893.exe
        5⤵
        
        PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43079.exe
        6⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        6⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
        6⤵
        
        PID:15376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        6⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62902.exe
        5⤵
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6643.exe
        5⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24908.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7229.exe
        5⤵
        
        PID:8132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63092.exe
      4⤵
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58206.exe
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30484.exe
        5⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39117.exe
        5⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe
        5⤵
        
        PID:18912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46668.exe
      4⤵
      PID:8416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
      4⤵
      PID:11368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
      4⤵
      PID:16524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
      4⤵
      PID:16108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
        8⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
        8⤵
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43580.exe
        8⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        7⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12669.exe
        7⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48652.exe
        7⤵
        
        PID:17256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46517.exe
        7⤵
        
        PID:18704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38316.exe
        6⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
        6⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
        6⤵
        
        PID:12464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        6⤵
        
        PID:16484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
        6⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60550.exe
        6⤵
        
        PID:18576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        6⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57357.exe
        6⤵
        
        PID:15352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        6⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7774.exe
        6⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        5⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        5⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23268.exe
        5⤵
        
        PID:16092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        5⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
        5⤵
        
        PID:19224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3132.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4781.exe
        7⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        7⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39781.exe
        7⤵
        
        PID:16584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        7⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
        6⤵
        
        PID:14016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56244.exe
        6⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
        6⤵
        
        PID:18892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4765.exe
        6⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48445.exe
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
        6⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
        6⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15651.exe
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
        5⤵
        
        PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35004.exe
      4⤵
      PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        5⤵
        
        PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
        5⤵
        
        PID:10312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
        5⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
        5⤵
        
        PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41357.exe
      4⤵
      PID:9500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
      4⤵
      PID:13084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
      4⤵
      PID:15860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
      4⤵
      PID:5836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        5⤵
        
        PID:5568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 644
        6⤵
        Program crash
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        5⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        5⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5732.exe
        5⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
        5⤵
        
        PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
      4⤵
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26503.exe
        6⤵
        
        PID:16200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        6⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
        5⤵
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        5⤵
        
        PID:16480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
        5⤵
        
        PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
      4⤵
      PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60022.exe
      4⤵
      PID:10288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37003.exe
      4⤵
      PID:12612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20445.exe
      4⤵
      PID:16592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10926.exe
      4⤵
      PID:6864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
      4⤵
      PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        5⤵
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
        5⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        5⤵
        
        PID:17548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63980.exe
      4⤵
      PID:9176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51709.exe
      4⤵
      PID:12124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe
      4⤵
      PID:15404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
      4⤵
      PID:18188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33550.exe
      4⤵
      PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
      4⤵
      PID:8576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
    3⤵
    PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58735.exe
      4⤵
      PID:7960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
      4⤵
      PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57357.exe
      4⤵
      PID:15328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
      4⤵
      PID:5440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
    3⤵
    PID:8348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20315.exe
    3⤵
    PID:11672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3717.exe
    3⤵
    PID:14028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe
    3⤵
    PID:5408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57543.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe
        7⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
        8⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        8⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        8⤵
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        8⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49237.exe
        7⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43790.exe
        7⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
        7⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
        7⤵
        
        PID:17304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
        7⤵
        
        PID:18796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62333.exe
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-157.exe
        8⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        8⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
        8⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
        8⤵
        
        PID:17380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        7⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42685.exe
        7⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        7⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        7⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49068.exe
        6⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5118.exe
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45662.exe
        8⤵
        
        PID:16228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9108.exe
        8⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        7⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        7⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9461.exe
        6⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
        6⤵
        
        PID:15152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        6⤵
        
        PID:18128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
        6⤵
        
        PID:18496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25236.exe
        6⤵
        
        PID:19116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2940.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        6⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30869.exe
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57798.exe
        7⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15725.exe
        7⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
        7⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        7⤵
        
        PID:16940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29939.exe
        7⤵
        
        PID:17892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49237.exe
        6⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
        6⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
        6⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
        6⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51756.exe
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
        6⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        7⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30484.exe
        7⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39117.exe
        7⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
        7⤵
        
        PID:18616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45844.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30462.exe
        6⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        6⤵
        
        PID:18148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
        6⤵
        
        PID:18492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13516.exe
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
        6⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
        6⤵
        
        PID:16240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe
        6⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50812.exe
        5⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        5⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4677.exe
        5⤵
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45788.exe
        5⤵
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3070.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        7⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32175.exe
        8⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11220.exe
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40421.exe
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        7⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        7⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
        7⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
        6⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
        6⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
        6⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21108.exe
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
        6⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62902.exe
        6⤵
        
        PID:10848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6643.exe
        6⤵
        
        PID:14536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        6⤵
        
        PID:18900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        6⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        6⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39781.exe
        6⤵
        
        PID:16600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
        6⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        6⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        5⤵
        
        PID:11636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        5⤵
        
        PID:16216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
        5⤵
        
        PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        6⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45798.exe
        7⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
        7⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        7⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        7⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59373.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
        6⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        6⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21547.exe
        6⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        6⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62868.exe
        6⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        6⤵
        
        PID:17464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45973.exe
        5⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
        5⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2699.exe
        5⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61110.exe
        5⤵
        
        PID:17596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47630.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        6⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
        6⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        6⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64381.exe
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
        5⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50638.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
        5⤵
        
        PID:18284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62028.exe
      4⤵
      PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5118.exe
        5⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
        5⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe
        5⤵
        
        PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe
      4⤵
      PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43574.exe
      4⤵
      PID:12168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
      4⤵
      PID:15392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9156.exe
      4⤵
      PID:18164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1700.exe
      4⤵
      PID:19148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59998.exe
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        7⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8356.exe
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29476.exe
        7⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10757.exe
        7⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16469.exe
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1029.exe
        7⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54421.exe
        7⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30092.exe
        7⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29916.exe
        7⤵
        
        PID:18792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        6⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
        6⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
        6⤵
        
        PID:18672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32421.exe
        6⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
        7⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11220.exe
        7⤵
        
        PID:18268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
        6⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
        6⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        6⤵
        
        PID:16748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
        6⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41196.exe
        5⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        5⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        5⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        5⤵
        
        PID:18528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31147.exe
        5⤵
        
        PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62421.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2302.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50206.exe
        6⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 212
        7⤵
        Program crash
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
        6⤵
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30244.exe
        6⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
        6⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        6⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        6⤵
        
        PID:19244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
        5⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42092.exe
        5⤵
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58445.exe
        5⤵
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47308.exe
        5⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25055.exe
        5⤵
        
        PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50951.exe
        5⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
        5⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        5⤵
        
        PID:16020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13861.exe
        5⤵
        
        PID:18380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
      4⤵
      PID:7492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
      4⤵
      PID:12116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
      4⤵
      PID:15412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36022.exe
      4⤵
      PID:18200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
      4⤵
      PID:18736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6469.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45006.exe
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65286.exe
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        7⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        7⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35.exe
        7⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
        7⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39357.exe
        6⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        6⤵
        
        PID:16336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        6⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        6⤵
        
        PID:18480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
        5⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-803.exe
        6⤵
        
        PID:16612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38605.exe
        6⤵
        
        PID:17204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
        6⤵
        
        PID:18700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64380.exe
        5⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
        5⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
        5⤵
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59398.exe
        5⤵
        
        PID:7892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
      4⤵
      PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        5⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
        5⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        5⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51429.exe
        5⤵
        
        PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
      4⤵
      PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
      4⤵
      PID:11172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49780.exe
      4⤵
      PID:14156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
      4⤵
      PID:17364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
      4⤵
      PID:18604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16484.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41415.exe
      4⤵
      PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21101.exe
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        6⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        6⤵
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29269.exe
        5⤵
        
        PID:8324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
        5⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        5⤵
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41076.exe
        5⤵
        
        PID:18352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe
      4⤵
      PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54734.exe
        5⤵
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46141.exe
        5⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63252.exe
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        5⤵
        
        PID:17852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe
        5⤵
        
        PID:19240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15651.exe
      4⤵
      PID:9756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
      4⤵
      PID:13240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37691.exe
      4⤵
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
      4⤵
      PID:6420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
    3⤵
    PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
      4⤵
      PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
      4⤵
      PID:10380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
      4⤵
      PID:13400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
      4⤵
      PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
      4⤵
      PID:18656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2460.exe
      4⤵
      PID:9208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
    3⤵
    PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
      4⤵
      PID:9972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
      4⤵
      PID:13080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
      4⤵
      PID:15672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14292.exe
      4⤵
      PID:3108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34591.exe
    3⤵
    PID:9084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65204.exe
    3⤵
    PID:13360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10645.exe
    3⤵
    PID:16552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64981.exe
    3⤵
    PID:5916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56789.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56789.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32022.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        6⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
        7⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31724.exe
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54892.exe
        7⤵
        
        PID:15260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        7⤵
        
        PID:17876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        6⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52477.exe
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
        6⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
        6⤵
        
        PID:7784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        6⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33156.exe
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        6⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
        6⤵
        
        PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
        5⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        5⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        5⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        5⤵
        
        PID:16044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
        5⤵
        
        PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 632
        5⤵
        Program crash
        
        PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50189.exe
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48367.exe
        5⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        5⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15693.exe
        5⤵
        
        PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
      4⤵
      PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22156.exe
      4⤵
      PID:11604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
      4⤵
      PID:10272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
      4⤵
      PID:17312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2302.exe
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
        6⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41341.exe
        6⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31163.exe
        6⤵
        
        PID:17316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46517.exe
        6⤵
        
        PID:18684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        5⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32175.exe
        6⤵
        
        PID:16140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        6⤵
        
        PID:18172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55117.exe
        5⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
        5⤵
        
        PID:16456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
        5⤵
        
        PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
      4⤵
      PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        5⤵
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9732.exe
        5⤵
        
        PID:13608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-803.exe
        5⤵
        
        PID:16700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        5⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        5⤵
        
        PID:19284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
      4⤵
      PID:9360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
      4⤵
      PID:11812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
      4⤵
      PID:16372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
      4⤵
      PID:4808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46350.exe
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        5⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
        6⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14212.exe
        6⤵
        
        PID:18880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40421.exe
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        5⤵
        
        PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        5⤵
        
        PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
      4⤵
      PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11916.exe
      4⤵
      PID:11236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
      4⤵
      PID:15064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16268.exe
      4⤵
      PID:3572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
    3⤵
    PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3997.exe
      4⤵
      PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
      4⤵
      PID:12428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10316.exe
      4⤵
      PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
      4⤵
      PID:17572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44060.exe
      4⤵
      PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe
      4⤵
      PID:18100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
    3⤵
    PID:8356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
    3⤵
    PID:11712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9052.exe
    3⤵
    PID:14648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
    3⤵
    PID:17604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15980.exe
    3⤵
    PID:19252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13573.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5332.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
      4⤵
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57279.exe
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57798.exe
        6⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe
        7⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        7⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        6⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        6⤵
        
        PID:12552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        6⤵
        
        PID:16512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        6⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
        6⤵
        
        PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        5⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        5⤵
        
        PID:14312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        5⤵
        
        PID:16040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
        5⤵
        
        PID:18852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20693.exe
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        5⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13037.exe
        5⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
        5⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
        5⤵
        
        PID:17508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
      4⤵
      PID:9444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
      4⤵
      PID:13124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37684.exe
      4⤵
      PID:16380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
      4⤵
      PID:6072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19555.exe
    3⤵
    PID:400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10333.exe
        5⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32549.exe
        5⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe
        5⤵
        
        PID:14192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
        5⤵
        
        PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48325.exe
      4⤵
      PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
        5⤵
        
        PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
        5⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60205.exe
        5⤵
        
        PID:6348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
      4⤵
      PID:10736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
      4⤵
      PID:14848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
      4⤵
      PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
    3⤵
    PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
      4⤵
      PID:7516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22020.exe
      4⤵
      PID:11416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
      4⤵
      PID:15200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
      4⤵
      PID:17240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48845.exe
    3⤵
    PID:8568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31796.exe
    3⤵
    PID:11776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30583.exe
    3⤵
    PID:14008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
    3⤵
    PID:5976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50829.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50829.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45798.exe
        5⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        5⤵
        
        PID:12336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
        5⤵
        
        PID:15724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-313.exe
        5⤵
        
        PID:8704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51173.exe
      4⤵
      PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
      4⤵
      PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40764.exe
      4⤵
      PID:15572
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15572 -s 468
        5⤵
        Program crash
        
        PID:18000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18000 -s 656
        6⤵
        Program crash
        
        PID:19368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
      4⤵
      PID:18396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35626.exe
      4⤵
      PID:18696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
    3⤵
    PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-157.exe
      4⤵
      PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
      4⤵
      PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
      4⤵
      PID:14816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
      4⤵
      PID:2452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
    3⤵
    PID:9480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
    3⤵
    PID:4724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
    3⤵
    PID:15596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
    3⤵
    PID:6224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21133.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21133.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
    3⤵
    PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
      4⤵
      PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40879.exe
        5⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48573.exe
        5⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53653.exe
        5⤵
        
        PID:6896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
      4⤵
      PID:9920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
      4⤵
      PID:13072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
      4⤵
      PID:16544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34893.exe
      4⤵
      PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
      4⤵
      PID:4552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
    3⤵
    PID:7116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
      4⤵
      PID:9332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
      4⤵
      PID:11772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
      4⤵
      PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
      4⤵
      PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62037.exe
      4⤵
      PID:19276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58028.exe
    3⤵
    PID:10200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
    3⤵
    PID:13276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37691.exe
    3⤵
    PID:3692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5812.exe
    3⤵
    PID:6308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38526.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38526.exe
  2⤵
  PID:6040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8789.exe
    3⤵
    PID:7360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43052.exe
    3⤵
    PID:9540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
    3⤵
    PID:13132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
    3⤵
    PID:16560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
    3⤵
    PID:18104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
  2⤵
  PID:8080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
  2⤵
  PID:11096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
  2⤵
  PID:14184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
  2⤵
  PID:17080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 960 -ip 960
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5568 -ip 5568
1⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7392 -ip 7392
1⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4496 -ip 4496
1⤵
PID:16032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 15572 -ip 15572
1⤵
PID:17660

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:8236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe

Filesize
184KB

MD5
d392bf0b7da47b0d86b892880d12d92a

SHA1
7707987344e68936e42548a9585bad88612bf23b

SHA256
88fa8581395147bad8cd452baa97bb99f8c4127b6dfef1c0f8fe868c3f675435

SHA512
88d7fe8d67200586672967ab4bd24056402dca7082d4a0646e90d49f67d9e3de872badce8a2d1ddf5c7183012cf5c60f1bca97bea4b2f5e0b401fc502828d318

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe

Filesize
184KB

MD5
43837c3301cc396c9594aa0d8b737639

SHA1
273434a6a92b7552c9dd1df7c3f1f518ad7a20d8

SHA256
4c3deecf8f5a5b31f0336235b86887f22779d16563bce42c60847a0f54b1eb50

SHA512
f109b91503fee167b4080783a55529a80618c621bff16d72de99d388d3779f4c6cc3fa6e7504515b27218fb2066e76922d34fc8eba14a5021788a5a18b19dc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe

Filesize
184KB

MD5
01a9bdd626fdf5f19a4dd112904fdb99

SHA1
e11a3484aaa37f9ac6fb57ace37ce5c7148d515e

SHA256
e2168a6e0e61faee674aee5f08b74beb3b3097711a553447be3331015d67944e

SHA512
7bd86f12cd9dbc655a553ee5c8f564eefea4035b972fcbb0b4a1b947f73ea1ca2b0ebc0b8f740cba4687272d3678e7f04707e912f8df9265c96bacf3dc730ec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe

Filesize
184KB

MD5
ca2985527d097cc7337469515030e963

SHA1
279941e5086544809cd82db06c6cea14ffe09122

SHA256
67b07b3b132a4a83090f9ed7e398879b21ab64434ab334763a06cc8a22200a1c

SHA512
2b6e6bb5f03a224dad7fe714854895470fd58cdd3556393f8713915b52932c120b9011c7fecc0578caada5050839e792cd030afa2bd668c4e8930fa71a6631ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13573.exe

Filesize
184KB

MD5
2357d3cfccacba0b6d0ae46ef38c3add

SHA1
58067b78c60f8d81156e00a0461fb145802136fa

SHA256
98f3eb31e4f562146660d6099d96b4a415a32b0dc9a840cc04e0dd62d82de349

SHA512
0558be4ee1ebaa894fa05c74e7d3f4d2ca0b63475b0ae922cf4b0246a2f049dda0785bd25a8969d3f057da165464ed6de368fa87904acca121df5a3c8df9fa9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe

Filesize
184KB

MD5
2d22dc5719d6ed3f97dea2f311f143c3

SHA1
a54b35c2b78dcf17642e0fec0df96c112f7be6b9

SHA256
68ee34c3f511181bb265214825f80987603069b90d405313dcd166e4ae25a708

SHA512
da7c561b681434ee58592e0a912fed316d7cd5eae7d6d83b021d07a0556e433f8e7383c695132cd3c4ff323bccb533a77484653deaf2f2609f83ed3332e448ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe

Filesize
184KB

MD5
06a50eeb12af18e9f7298922b6cb0ed3

SHA1
34c4cd9177a1c78724a29e2f7ad4e2d1a82c7415

SHA256
26e80f617c8b745c8c87ec5488282626f8f062f613c9f9532f0379a8ef112f47

SHA512
155eff9249e5465d05253a6841e8d26b9db69c98547181ef988073cd4e1d5d36d3ee43b4dcd5cd056ced21ad72c3893f4a8f24c48dc601cb09979e7759567687

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2021.exe

Filesize
184KB

MD5
fe5ec736e152cd5c4257d014b713a5e7

SHA1
744d5d2840d4456df0f83c7df5176df4873913a2

SHA256
1f8ddc3c3b1bcf978862e966dddec8033e407a4b4d5f3b0aad59f794cf0b60e7

SHA512
4b6fd9974ecc95f6cc4056405a0797aa562ed5a0193d220e7ae5764b28555f1ba50d2cfa3ffc7953344b40ee83a173755fb79da5b5c4dd504b47b9f4d03f2b4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21108.exe

Filesize
184KB

MD5
e81b2f70c46ee4635d690af77a88881e

SHA1
83a613283faac99ecdeb0b2ca9403a680fb5efcc

SHA256
acf443ffb92afbd5b68982e21fa3d2d29ec2c4380177c147a1edbc2e1e9aa43f

SHA512
56ff3ec88688ec361c3837c22a6153dfdd68c56e7069ad64bc12e349298efdf8d333377f32e32bf4962e68178ce184e49602253c18d8c417495dbecd029e33e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe

Filesize
184KB

MD5
6bd9855de849fa348dd32d19cb39e899

SHA1
2611c8ef7b6ebad7ea36a59b7781c11bcf231292

SHA256
2e4eb136009db85046e72e735946bf60a16aff4c222d37b3dd5c1f5b1721201d

SHA512
fb3f4f0027892a214d8c17e8842ddec7c25996df53d8d6d98b32702b9ba8cf8e75f75949dc745db06f1229a863de249ebe63dd4e8df462cbbdcb62e73dcbe6bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2302.exe

Filesize
184KB

MD5
2a0530078e7097d3b78a956ec20e844a

SHA1
659c2c88e15b7471462d461a20f5317b2f799a50

SHA256
6fea207b3c301c34858b438a81579f3f00dd35a1ce02b1803b5a36b122855427

SHA512
5e1ee98283cc401e691e67af3f61dfadc5da95f2a449b02f78f45c9634d89ac545c59b8da7353204cb84ac67080fe108c08d0293694e74c090d9eb68749d4273

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe

Filesize
184KB

MD5
7c4f3620d2f021ef16c663a5268ff3d0

SHA1
2837e21f5f095288130dc71e8c3f5ea5c73f0d75

SHA256
c7520ff00437eddb820374cf894c8b7752894c58de94873d46e5435c42036d1f

SHA512
71f77460ffc8b4c1d6ceae5adec97f1ed1c065c3bd93f92c3358b6e6649faaf0ecaff217d846bd4808ea8aa66f2fea298efd7d0f4ab1f96eac641f6b359b9f7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28502.exe

Filesize
184KB

MD5
2cfec733c0d7c19b27b7310f0cd019c1

SHA1
9c9f370026ca78a766efdab6dbdb28b493661636

SHA256
c57d37d91b59dbb914239527c54a5efe26f8d5b66761afc7e1cdf4169f0725f3

SHA512
d59389bca8c6b50d2e7c493e7dead5cdb27b29fd3765d2a9186f1eceea47fb9a34c02213e2c2a50723f29a3925f7a79cb778955460b8e695f3b51ab65cc798f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe

Filesize
184KB

MD5
a254cdc1892a2971b06d2d03419d47be

SHA1
e6c94ed3dc72f5ceb354c776ff100607b512c2ea

SHA256
4aef54672e4fde987ca8317d96a8a2ba0028156df7c4dd6ab50036b18ec35adb

SHA512
b73e4bb7ade87bfb4965bbaa63d798d87f9b69da1cd69ed2aaa55f12217d3547cebd73b2acc9c80ab32c9eb670375bd8907ae38760e4819800f4ee8e8f7de9f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe

Filesize
184KB

MD5
bbdc23d8310a7eebc3ae42a7f6bc1b12

SHA1
06ac542699e3c4526cce7afa773eed961e3f85ea

SHA256
6ea14602a4b13699d8b7a6ab14111f0b3f7f686c688c12013c447a3a39f831b0

SHA512
a25e6fe6dd179d07dac8c0da603ca876f95320b8505d3c821591a6fe10b9dc7aa9f4579f42f79b0065d6366cb6dea5c69120513f6d0d957e429cb350c9483e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe

Filesize
184KB

MD5
9c034e666df88ecf2e35f6700a43077d

SHA1
3a7f5ffef37d07623ad1e2e91e5e2a3c9f2a4e05

SHA256
5a1af9394ac9d8ebb8a411920e8cebc10459307cb366471497a6f8d9fd8b9c46

SHA512
d9c23b06823edb63455a85094dde78f3b66f8223fde49885dcc48e2ccca4c8a87494ba0e5eeb0f728149b65b755809e616cbb557688d82f1627f677456410703

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32022.exe

Filesize
184KB

MD5
b3531159a53e0ac082e981b37194b71b

SHA1
c0329f34e946140a9665b1af4c481efd29f02c26

SHA256
b0cebe0da7a177746ee64ef167ad12890ceee53b200ddac03b6110a988cbbbf8

SHA512
a8d45a97afe76a560a17b3546c304d0bb60042211aa4a3a878ac1bcd8415125d4188e2e66091df4ffbb66f80768f51d0923e1aebc47c6f356c8886e0b1cd313f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe

Filesize
184KB

MD5
bba146899d1681ec6d22e81f86d1a81e

SHA1
b4bdf06a6da0f9b9cdfd99cfbdec074741b98fde

SHA256
c974c9e35b768b814f7ddccc098a3f6c557c839db5260ccf6e6476a799e01aaa

SHA512
1b2df4c2b77a578b9ca86509e30abbe822d49c64d8210b89007bd56b4a964c94bc9b1521a4159689b6d87c96e0b9da44809e05f4ce29886eac98bd7463f21dea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe

Filesize
184KB

MD5
d572a4ef0c13065ece972308a5c5fd37

SHA1
0e7560ca40d64a99fd267c5fbdb9a8c45f944356

SHA256
a40eac7dcb258476f8f73dae09af4b0d93de56394a7b45c5677f0e3c3428171c

SHA512
618e3f67f3d12e367b6c2ed3bc80257264c1d2ff566a714c308008bb1a5bb4061dacca642ad0f1fe13adb677c06a03310b5fd8d2124d7acaf1df1e202e4b7933

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe

Filesize
184KB

MD5
e354292c06f7e6c27f1fb7957ab07516

SHA1
bd1ea07d6f4486d3642a6b4825eab7d560957518

SHA256
3b88bd0bee95e9507960b6a3eb18c95b9fa7a797f9da722dc69e3e811c3ae93e

SHA512
1dde22057a94b473f6f21b1805b05106936dc653ba6115028c5eb32b1154e8fc78b8e630ac5d4c2c10c314500b0c307be51199f524d8369c63bb0f516d81ffc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe

Filesize
184KB

MD5
ec46acd5411d69e7f48842076461af22

SHA1
e907be5a5fdcc13d2b40462d5c0093db3048b766

SHA256
4bfd9a57b3371b80f10ec45018925a6dc1ee5f0263dd225bda7fb33a611529f7

SHA512
0e379d70e5415338b3a7d77619df66fbe283c1dc3861427ed0d1570349f0f8a0ebef43afdf4a12548b2ee8af4bdedd622fc5ea6170a03defb7192e774ec6106b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43052.exe

Filesize
184KB

MD5
5cfc1832d4c0b6d4a6c4a1dbfe17608d

SHA1
8ab35eea2c80c2890c4ca816d86929c42f2070cf

SHA256
8e1fa44ee8fa720d5333cdcfdfc8e9213097c5d3f4f6a30fd1101e2ea315b195

SHA512
6e292a0f7e4041be3a9ebdcbfb9a6f29c160ef6782bc46b80096c89e0a8284ee41322ac172adcd9d1096cc06b9be383f117b76724499a373aee9f6fb26a8c5b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe

Filesize
184KB

MD5
35b45451515b15d2acfbb2c2233e9f79

SHA1
38d3635770b9d4962185dea68f8ac92e19dfdd49

SHA256
3471033bdf4aea66f3f4b016a1a50dca8eccdb61fcc4345040b50c2227d653dc

SHA512
017d2bf8c4c53e8d78477d3b0e7c4e6f624731c22f1d924b131a6c8eed1c1fe3d3dd3e6a62f7658d9c14e708dc18073a9d5f259b3524b30df3b5e391a04cecfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe

Filesize
184KB

MD5
a5bd075c3c9ccb0fc9e60b7238c85d41

SHA1
0439a8ee567d5c1908f4eca1cf63ac7a05a2dcad

SHA256
d0e3d2825116516ec14e8ed253b73171f8c596a33c67dc91b3309bc0d8bc3ed9

SHA512
7c853555c5ca557b3f9a2d5bf00479a671df2a4e3bc7e0e5c5cf4109c1c5216159e7df576da5ee70970b7c5fee7e48e97eacad47a2743a92b3f052283085cd7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe

Filesize
184KB

MD5
5857c32e767dcb9c76bcdd8781499833

SHA1
5d2820ff043431a85441de53e69f38b3e5d30565

SHA256
75839109a0d0c504df7d449f6fbef3c2f037b444d0a23b9d8c9de6a07fa20a79

SHA512
199c8051b42f18efb550e5f1e0eafe64a3b8e5da4d28969abcf452f2e2d6b4817121836137eb805b6a05b60f053ad0ca7c1665c15f03d6bfdf727be1ed8de6a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe

Filesize
184KB

MD5
dd86ddd942e47184c525fe5932d1ebda

SHA1
214e7e42743db60051e9db2b5a73dff2dcde47a6

SHA256
5b4371781a5a0903f025951aa3a80c7d2f6f6685f21ca53833bff3a2add6e064

SHA512
5e641a7b5c137dbf05455d6af20ebf1ed72a4cde3af7042540640c79bb64aba6adb0d13c8263a41c0d093e1839b0d68d5d2ce84228a14657aa7c08d97c1ffef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50829.exe

Filesize
184KB

MD5
d4dfcf2cd1d5de30e3d9edbbf67ed748

SHA1
686c9e24d60bfcec794ceba9282f721896c824a3

SHA256
dc9e08a24edac04abb061ffeed3fe1d760b2f56feade9fa5b6e13e6f2145c622

SHA512
0d5d26c73f51ce69e840bfe262b97e578de48b6546ed3de499e0ed1741e887731e5791e54cc7afdec6839e8e70fbc5b6ee6c55e08852e419b4c189af2506fa1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe

Filesize
184KB

MD5
b9b23d518b81d67d5d17c22b54934681

SHA1
6fbf3529d4d2f2175dd2459a1b148c04d633a1e3

SHA256
12d2a442577589ccadcc3e94a870bd6fd30968f41cc37403bf6d127487faf37d

SHA512
f1555ee447ca1434ac8aeaa268bd1deefc8f620e35b51f7a9096c451a6d1ffa87b9c9261ec2703b83c32336f141f72600f0b68d4ddec3edad08aeef32e7a81a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe

Filesize
184KB

MD5
123e416cd9173d4e9f6b3adfebdccdf0

SHA1
0420bf57a7f5df43e98f56f5d7679536b33e5614

SHA256
a647928cf1e4189549a27056162e192b0c068ff895711660b1018f45eddf34b3

SHA512
2c42eb7af16777bfb1898ca9c7e0c83a4da2b4b40a19401b00bd3471dd7458d4ffd356b84497142a7038ec93989e5c4254ab0b312d1830119d8e4e6d3ecbaf11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5613.exe

Filesize
184KB

MD5
a2fd7b7ae884d563d911613c1421ceda

SHA1
9f542e1477a48b19eaea18ced4aeed80de798c35

SHA256
bf80fa2b7f35d60b317b41b000041e98a5805e8202b401fc6c07f4f8999baaae

SHA512
d13cd03ed44a0ce886e5259a0cb0f91214515e402c98983ccc3cce5d7552927c099b142dae91ffbbb6582baa809e9b75dc15e2fb6af437849956a402e9ee0660

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56789.exe

Filesize
184KB

MD5
0577828b73b2fcfa624985f30e15b586

SHA1
f27c6ed7b44f2f147c0bfe918790f2f65b955568

SHA256
28970a3bbe12daadf9259d4646463c215141b02e2c7e23457b3bec6ef2c9e762

SHA512
57da246ca4eb990858ff8cbbb2696bdbd0616bec3f846b583c3b6878b278e1f3dc2266b8bd1e6b18dfa06e991f27989ecdbcc6b71302e13de22546bb1b3bb1be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57543.exe

Filesize
184KB

MD5
db00b0fac152d1944fa2299778d98d69

SHA1
8e17b687c1490a5642c05276148c23fdbf0a1f00

SHA256
b07e0327c6e89173b815b4bb23965919ba904d84e0de62bc9e0f8398ae0b8903

SHA512
1217e94e34a45b4cdbdecb2a0f0db8fb5424041ef01c9a5b6b550684904b90af19007904799afb74fa2cca4d9536c53f87a48d28eea8dc1aef5ddd7ff9f79d74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-589.exe

Filesize
184KB

MD5
0d82691175538bfec87029049c5768a1

SHA1
8b0113cacb87f884521a9512170a9c0bf67d31ad

SHA256
a253073d57ebe2f0ba308d681fb628840a6f55d8359beefd37b8dfbaed1cf272

SHA512
f3a3e67dd1ef37517118787d2d22b38810e529106e1623de3dcaa41004919b58509057928d5ab13b825db1e9962533f6d0f3e95f842c8185a261aa46012932ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe

Filesize
184KB

MD5
711175eab220cffd2b0c56bc06b9f3d7

SHA1
fdf59a28bb006d868461d95327eddfb6e283945f

SHA256
ffc2bf0b5993450a964def0a9380a4af5346543049975edfe79d3dccc4fb0a30

SHA512
52bb118e93f8036e82e7ef8505e28ded463b50274b19cb1a7d1e37d98decd7d97c7e2834ae8e84647fe709b837bffc0574773957d2094c492ac00fa9a5429e7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe

Filesize
184KB

MD5
388dc0776daa5855cceb238caac5a3c5

SHA1
f8f6c452a2e7b6cfa985195b1bb05cad47fb2fdd

SHA256
08698c7fcf29a8e6e7df400e58018c065a1b6c687c526ecf4259eaad0d3b385d

SHA512
b9cd1f78b608f995e5161ab763ec9a1b24752b0f5b9b8a93e6525747663b87f17b0d0f3553d1ba0d2bb9aa21395b36bd7d97d5b56d7b78f32e18abf776f54402

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65286.exe

Filesize
184KB

MD5
1d845e87a31ad6eae95489a76687152f

SHA1
3e4fe658cb5607cf2803149dc17d14dc70cd8e2a

SHA256
79db449fe269f58c6cd12f4379be426b7bb782024c6f7d11ea669541b484ae0d

SHA512
f54b720316c6cfe01610063c0be672bcfb05fa7d69291fbaba9c4df4c92c3ff959931d25facf97f215ebda814f7836d393c557bede72b485623e3e7fbd9e10a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe

Filesize
184KB

MD5
9bb2dee85de76ee139ef18e94d5da7ca

SHA1
6cfc0a792165d514cc55c861a05b972ee408f169

SHA256
e9eb1002116ac8dde1761e2a3bf7ca6cc9892401d45dd5977a87bba86b80fe3f

SHA512
d7c7f876ec856f5cb6374131ab46cc696256ae7b073fa19a322065b71506b1118bec5c899d75810613c9ae9b2019857eeb0e16ea3e5da0c3f4cf815546821670

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe

Filesize
184KB

MD5
322082519c31b86ec3f19141a9fdf9b4

SHA1
3d54c618c556ae7e30325bb1346c477ca2444896

SHA256
a3b3a9f515d395ec7155cc34c15ea321bb77aeda065c115f0388ef404bf44143

SHA512
26f71024a1d607e6985ccaf814ca420ced74da70e3e947b4e3f317a05765e211d619c643235c71c1673fc5f67980802ae7699ef844345f1977e4cf0c27203a1c

Download Submit
memory/4964-3244-0x00000000774E0000-0x00000000774EA000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads