bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62

Analysis

max time kernel
84s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62.exe
Size

184KB
MD5

61622d771db2bff7970d1b91ba976efe
SHA1

595f214356a04ce1fd2d83743ba34d35504a3388
SHA256

bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62
SHA512

4ae6efb5a177ff5f0212441aa0fca425fee16febc8e86048a253510598d5e9ec60bc51c16a69b91c998293b9d6eb2982f1fb1279b5b555247416a1d51271bcba
SSDEEP

3072:UYS/Jao/pWKMdTXtWEfn8s1zrlvnqnxiuE:UY9o94TXJ8gzrlPqnxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1448	Unicorn-50784.exe
2912	Unicorn-53488.exe
4232	Unicorn-32169.exe
1972	Unicorn-56000.exe
3920	Unicorn-52279.exe
3916	Unicorn-22752.exe
1112	Unicorn-93.exe
788	Unicorn-59376.exe
5080	Unicorn-61187.exe
4908	Unicorn-5664.exe
5004	Unicorn-28323.exe
2748	Unicorn-24601.exe
1088	Unicorn-27674.exe
4664	Unicorn-8073.exe
3484	Unicorn-39126.exe
5112	Unicorn-65043.exe
3308	Unicorn-63076.exe
4424	Unicorn-32480.exe
1368	Unicorn-15952.exe
3912	Unicorn-60449.exe
2504	Unicorn-18640.exe
408	Unicorn-46714.exe
2992	Unicorn-777.exe
3788	Unicorn-34400.exe
1396	Unicorn-25085.exe
2216	Unicorn-49283.exe
4140	Unicorn-17488.exe
3632	Unicorn-16838.exe
2892	Unicorn-45841.exe
3744	Unicorn-41411.exe
2344	Unicorn-6365.exe
5104	Unicorn-36611.exe
4200	Unicorn-57690.exe
3244	Unicorn-54976.exe
4056	Unicorn-23264.exe
4260	Unicorn-39329.exe
1836	Unicorn-64976.exe
1436	Unicorn-64976.exe
4736	Unicorn-64976.exe
2316	Unicorn-11177.exe
2072	Unicorn-31043.exe
3872	Unicorn-64976.exe
1144	Unicorn-27513.exe
4980	Unicorn-62874.exe
4000	Unicorn-31728.exe
2884	Unicorn-31728.exe
2340	Unicorn-17203.exe
2440	Unicorn-33155.exe
1208	Unicorn-7135.exe
2224	Unicorn-6751.exe
1716	Unicorn-38583.exe
2360	Unicorn-13382.exe
5204	Unicorn-37129.exe
5212	Unicorn-37129.exe
5232	Unicorn-23171.exe
5152	Unicorn-48065.exe
5168	Unicorn-18192.exe
5184	Unicorn-23866.exe
5260	Unicorn-4073.exe
5276	Unicorn-18982.exe
5296	Unicorn-8790.exe
5312	Unicorn-20518.exe
5324	Unicorn-50865.exe
5332	Unicorn-9823.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
6808	1208	WerFault.exe	147
6936	6020	WerFault.exe	175
10000	5108	WerFault.exe	238
10532	2468	WerFault.exe	201
11212	6348	WerFault.exe	209
1072	6348	WerFault.exe	209
10276	2468	WerFault.exe	201
10452	5644	WerFault.exe	239

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4832	bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62.exe
1448	Unicorn-50784.exe
2912	Unicorn-53488.exe
4232	Unicorn-32169.exe
3920	Unicorn-52279.exe
3916	Unicorn-22752.exe
1972	Unicorn-56000.exe
1112	Unicorn-93.exe
788	Unicorn-59376.exe
5080	Unicorn-61187.exe
4908	Unicorn-5664.exe
4664	Unicorn-8073.exe
5004	Unicorn-28323.exe
1088	Unicorn-27674.exe
2748	Unicorn-24601.exe
3484	Unicorn-39126.exe
5112	Unicorn-65043.exe
3308	Unicorn-63076.exe
4424	Unicorn-32480.exe
1368	Unicorn-15952.exe
3632	Unicorn-16838.exe
2992	Unicorn-777.exe
2504	Unicorn-18640.exe
3912	Unicorn-60449.exe
2892	Unicorn-45841.exe
408	Unicorn-46714.exe
1396	Unicorn-25085.exe
2216	Unicorn-49283.exe
4140	Unicorn-17488.exe
3788	Unicorn-34400.exe
3744	Unicorn-41411.exe
2344	Unicorn-6365.exe
5104	Unicorn-36611.exe
4200	Unicorn-57690.exe
3244	Unicorn-54976.exe
4056	Unicorn-23264.exe
4260	Unicorn-39329.exe
1836	Unicorn-64976.exe
2072	Unicorn-31043.exe
4736	Unicorn-64976.exe
3872	Unicorn-64976.exe
2316	Unicorn-11177.exe
1436	Unicorn-64976.exe
4980	Unicorn-62874.exe
4000	Unicorn-31728.exe
2884	Unicorn-31728.exe
2340	Unicorn-17203.exe
1144	Unicorn-27513.exe
2440	Unicorn-33155.exe
1208	Unicorn-7135.exe
5152	Unicorn-48065.exe
2224	Unicorn-6751.exe
1716	Unicorn-38583.exe
5204	Unicorn-37129.exe
5212	Unicorn-37129.exe
5168	Unicorn-18192.exe
5464	Unicorn-32499.exe
5184	Unicorn-23866.exe
5260	Unicorn-4073.exe
2360	Unicorn-13382.exe
5340	Unicorn-6102.exe
5380	Unicorn-41270.exe
5276	Unicorn-18982.exe
5296	Unicorn-8790.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 1448	4832	bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62.exe	91
PID 4832 wrote to memory of 1448	4832	bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62.exe	91
PID 4832 wrote to memory of 1448	4832	bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62.exe	91
PID 1448 wrote to memory of 2912	1448	Unicorn-50784.exe	92
PID 1448 wrote to memory of 2912	1448	Unicorn-50784.exe	92
PID 1448 wrote to memory of 2912	1448	Unicorn-50784.exe	92
PID 4832 wrote to memory of 4232	4832	bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62.exe	93
PID 4832 wrote to memory of 4232	4832	bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62.exe	93
PID 4832 wrote to memory of 4232	4832	bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62.exe	93
PID 2912 wrote to memory of 1972	2912	Unicorn-53488.exe	94
PID 2912 wrote to memory of 1972	2912	Unicorn-53488.exe	94
PID 2912 wrote to memory of 1972	2912	Unicorn-53488.exe	94
PID 1448 wrote to memory of 3920	1448	Unicorn-50784.exe	95
PID 1448 wrote to memory of 3920	1448	Unicorn-50784.exe	95
PID 1448 wrote to memory of 3920	1448	Unicorn-50784.exe	95
PID 4232 wrote to memory of 3916	4232	Unicorn-32169.exe	96
PID 4232 wrote to memory of 3916	4232	Unicorn-32169.exe	96
PID 4232 wrote to memory of 3916	4232	Unicorn-32169.exe	96
PID 4832 wrote to memory of 1112	4832	bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62.exe	97
PID 4832 wrote to memory of 1112	4832	bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62.exe	97
PID 4832 wrote to memory of 1112	4832	bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62.exe	97
PID 3920 wrote to memory of 788	3920	Unicorn-52279.exe	101
PID 3920 wrote to memory of 788	3920	Unicorn-52279.exe	101
PID 3920 wrote to memory of 788	3920	Unicorn-52279.exe	101
PID 3916 wrote to memory of 5080	3916	Unicorn-22752.exe	102
PID 3916 wrote to memory of 5080	3916	Unicorn-22752.exe	102
PID 3916 wrote to memory of 5080	3916	Unicorn-22752.exe	102
PID 1448 wrote to memory of 4908	1448	Unicorn-50784.exe	103
PID 1448 wrote to memory of 4908	1448	Unicorn-50784.exe	103
PID 1448 wrote to memory of 4908	1448	Unicorn-50784.exe	103
PID 1112 wrote to memory of 5004	1112	Unicorn-93.exe	104
PID 1112 wrote to memory of 5004	1112	Unicorn-93.exe	104
PID 1112 wrote to memory of 5004	1112	Unicorn-93.exe	104
PID 4232 wrote to memory of 2748	4232	Unicorn-32169.exe	105
PID 4232 wrote to memory of 2748	4232	Unicorn-32169.exe	105
PID 4232 wrote to memory of 2748	4232	Unicorn-32169.exe	105
PID 4832 wrote to memory of 1088	4832	bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62.exe	106
PID 4832 wrote to memory of 1088	4832	bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62.exe	106
PID 4832 wrote to memory of 1088	4832	bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62.exe	106
PID 2912 wrote to memory of 4664	2912	Unicorn-53488.exe	107
PID 2912 wrote to memory of 4664	2912	Unicorn-53488.exe	107
PID 2912 wrote to memory of 4664	2912	Unicorn-53488.exe	107
PID 1972 wrote to memory of 3484	1972	Unicorn-56000.exe	110
PID 1972 wrote to memory of 3484	1972	Unicorn-56000.exe	110
PID 1972 wrote to memory of 3484	1972	Unicorn-56000.exe	110
PID 788 wrote to memory of 5112	788	Unicorn-59376.exe	111
PID 788 wrote to memory of 5112	788	Unicorn-59376.exe	111
PID 788 wrote to memory of 5112	788	Unicorn-59376.exe	111
PID 3920 wrote to memory of 3308	3920	Unicorn-52279.exe	112
PID 3920 wrote to memory of 3308	3920	Unicorn-52279.exe	112
PID 3920 wrote to memory of 3308	3920	Unicorn-52279.exe	112
PID 5080 wrote to memory of 4424	5080	Unicorn-61187.exe	113
PID 5080 wrote to memory of 4424	5080	Unicorn-61187.exe	113
PID 5080 wrote to memory of 4424	5080	Unicorn-61187.exe	113
PID 4908 wrote to memory of 1368	4908	Unicorn-5664.exe	114
PID 4908 wrote to memory of 1368	4908	Unicorn-5664.exe	114
PID 4908 wrote to memory of 1368	4908	Unicorn-5664.exe	114
PID 2912 wrote to memory of 3912	2912	Unicorn-53488.exe	115
PID 2912 wrote to memory of 3912	2912	Unicorn-53488.exe	115
PID 2912 wrote to memory of 3912	2912	Unicorn-53488.exe	115
PID 4664 wrote to memory of 2504	4664	Unicorn-8073.exe	116
PID 4664 wrote to memory of 2504	4664	Unicorn-8073.exe	116
PID 4664 wrote to memory of 2504	4664	Unicorn-8073.exe	116
PID 3916 wrote to memory of 408	3916	Unicorn-22752.exe	117

C:\Users\Admin\AppData\Local\Temp\bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62.exe
"C:\Users\Admin\AppData\Local\Temp\bda5dbd65653ee34991558b5122c50dfe66e960f52f0355e7a44071bbe0e6e62.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53488.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56000.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41411.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 720
        8⤵
        Program crash
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58410.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
        8⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64849.exe
        8⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34807.exe
        8⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
        7⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        7⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39648.exe
        7⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
        7⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15522.exe
        7⤵
        
        PID:18120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
        8⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        8⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40017.exe
        8⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe
        8⤵
        
        PID:17604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
        7⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        7⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        7⤵
        
        PID:17052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24448.exe
        7⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
        7⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        7⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34484.exe
        7⤵
        
        PID:16836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
        6⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47345.exe
        6⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe
        6⤵
        
        PID:12316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4668.exe
        6⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
        6⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6365.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6751.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23360.exe
        7⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
        7⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55144.exe
        7⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42612.exe
        7⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        7⤵
        
        PID:18340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
        6⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48195.exe
        7⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        7⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46596.exe
        7⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8288.exe
        6⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17453.exe
        7⤵
        
        PID:17060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
        6⤵
        
        PID:10424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20960.exe
        6⤵
        
        PID:15140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        6⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23866.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50432.exe
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
        7⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22096.exe
        7⤵
        
        PID:17012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52135.exe
        6⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1821.exe
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe
        6⤵
        
        PID:15064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55428.exe
        6⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24093.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48195.exe
        6⤵
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe
        6⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        6⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
        6⤵
        
        PID:17440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5481.exe
        5⤵
        
        PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        5⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11797.exe
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
        5⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37315.exe
        5⤵
        
        PID:16692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36272.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
        8⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28845.exe
        9⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5987.exe
        9⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12377.exe
        8⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        8⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        8⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        8⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        7⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        8⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        8⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38459.exe
        8⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
        8⤵
        
        PID:16824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
        7⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64571.exe
        7⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
        7⤵
        
        PID:16412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
        7⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        8⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2339.exe
        8⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        7⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        7⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29959.exe
        7⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        6⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47930.exe
        6⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        6⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
        6⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        6⤵
        
        PID:17136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
        6⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61595.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
        7⤵
        
        PID:15608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48318.exe
        6⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32218.exe
        7⤵
        
        PID:15388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        6⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        6⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
        6⤵
        
        PID:16420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63955.exe
        6⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40310.exe
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40296.exe
        6⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe
        6⤵
        
        PID:17236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18093.exe
        5⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40518.exe
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16991.exe
        5⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exe
        5⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32664.exe
        5⤵
        
        PID:16832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17203.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        6⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16640.exe
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        8⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
        7⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35994.exe
        7⤵
        
        PID:16040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37593.exe
        6⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48202.exe
        7⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
        7⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        7⤵
        
        PID:17544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64846.exe
        6⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48183.exe
        6⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        6⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        6⤵
        
        PID:9596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        5⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44302.exe
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
        6⤵
        
        PID:11592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
        6⤵
        
        PID:14560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26996.exe
        6⤵
        
        PID:16608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
        5⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
        5⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
        5⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
        5⤵
        
        PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38583.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe
        6⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        6⤵
        
        PID:12140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
        6⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
        6⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        5⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39229.exe
        6⤵
        
        PID:16020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        5⤵
        
        PID:11332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1722.exe
        5⤵
        
        PID:14704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39553.exe
      4⤵
      PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        5⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
        5⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13363.exe
        5⤵
        
        PID:17152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
      4⤵
      PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
      4⤵
      PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
      4⤵
      PID:11300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
      4⤵
      PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7440.exe
      4⤵
      PID:17184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52279.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
        7⤵
        Executes dropped EXE
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        8⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        9⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20595.exe
        9⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12678.exe
        8⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        8⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        8⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        8⤵
        
        PID:17084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
        7⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32160.exe
        8⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        8⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
        8⤵
        
        PID:18292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32218.exe
        8⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
        7⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46491.exe
        7⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5891.exe
        7⤵
        
        PID:16160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        6⤵
        Executes dropped EXE
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        7⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63955.exe
        8⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        8⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
        8⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe
        8⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8125.exe
        7⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
        7⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
        7⤵
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43806.exe
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        7⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        7⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
        7⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
        6⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13629.exe
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe
        6⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4473.exe
        6⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        6⤵
        
        PID:17100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31859.exe
        8⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        8⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        8⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19792.exe
        8⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        7⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        7⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36042.exe
        7⤵
        
        PID:15320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        7⤵
        
        PID:11072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24505.exe
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
        7⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        7⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        7⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        7⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
        6⤵
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52782.exe
        6⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        6⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
        6⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23888.exe
        5⤵
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        6⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        7⤵
        
        PID:17392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
        6⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exe
        6⤵
        
        PID:14532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
        6⤵
        
        PID:16956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
        5⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        6⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
        6⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
        5⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
        5⤵
        
        PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61808.exe
        5⤵
        
        PID:9312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63076.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9823.exe
        6⤵
        Executes dropped EXE
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17091.exe
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        8⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
        8⤵
        
        PID:18036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        7⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13815.exe
        7⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
        7⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
        7⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4499.exe
        7⤵
        
        PID:17044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1293.exe
        6⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
        7⤵
        
        PID:15624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        6⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        6⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
        6⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
        6⤵
        
        PID:17036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
        6⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 696
        7⤵
        Program crash
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        6⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        6⤵
        
        PID:10812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41332.exe
        6⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1895.exe
        6⤵
        
        PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40624.exe
        6⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9159.exe
        6⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        6⤵
        
        PID:17592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48279.exe
        5⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57246.exe
        5⤵
        
        PID:9428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        5⤵
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
        5⤵
        
        PID:16936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32499.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62608.exe
        6⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        7⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        7⤵
        
        PID:16508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        6⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        6⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13852.exe
        7⤵
        
        PID:15580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1722.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        6⤵
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54448.exe
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        6⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        6⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4042.exe
        6⤵
        
        PID:18360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        5⤵
        
        PID:11032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
        5⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
        5⤵
        
        PID:16400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32919.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        5⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
        6⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        6⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
        6⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29402.exe
        6⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
        5⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12732.exe
        6⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47604.exe
        6⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25207.exe
        6⤵
        
        PID:18260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
        5⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        5⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
        5⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
        5⤵
        
        PID:16436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23517.exe
      4⤵
      PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48195.exe
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61914.exe
        5⤵
        
        PID:11772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
        5⤵
        
        PID:18128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5865.exe
      4⤵
      PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60997.exe
      4⤵
      PID:12016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
      4⤵
      PID:13932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
      4⤵
      PID:10736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe
        6⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1778.exe
        7⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63955.exe
        8⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        8⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
        8⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54203.exe
        8⤵
        
        PID:18248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24521.exe
        7⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
        8⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46538.exe
        8⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
        8⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
        8⤵
        
        PID:17028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
        7⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54797.exe
        8⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        7⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        7⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        7⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        6⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
        7⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47976.exe
        7⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe
        7⤵
        
        PID:11096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
        6⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe
        7⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
        7⤵
        
        PID:18392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
        6⤵
        
        PID:10604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
        6⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52756.exe
        6⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        6⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
        6⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9788.exe
        7⤵
        
        PID:17908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
        6⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
        6⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        6⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        6⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34205.exe
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8982.exe
        6⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        6⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65044.exe
        6⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
        5⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38890.exe
        6⤵
        
        PID:9452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        5⤵
        
        PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46047.exe
        5⤵
        
        PID:9444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11177.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64912.exe
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2694.exe
        6⤵
        
        PID:9728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
        6⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29575.exe
        6⤵
        
        PID:17164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        5⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40122.exe
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        6⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25207.exe
        6⤵
        
        PID:18348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
        5⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60378.exe
        5⤵
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe
        5⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50129.exe
        5⤵
        
        PID:9460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36302.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18944.exe
        5⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
        6⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12294.exe
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        5⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        5⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        5⤵
        
        PID:17404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
      4⤵
      PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe
        5⤵
        
        PID:15736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2339.exe
        5⤵
        
        PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
      4⤵
      PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60266.exe
        5⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62017.exe
        5⤵
        
        PID:11048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
      4⤵
      PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53181.exe
      4⤵
      PID:14484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
      4⤵
      PID:17312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57699.exe
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
        6⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5734.exe
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
        6⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1923.exe
        6⤵
        
        PID:14192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1511.exe
        6⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21750.exe
        5⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
        5⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48183.exe
        5⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
        5⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
        5⤵
        
        PID:16820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        5⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        5⤵
        
        PID:9092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
      4⤵
      PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
      4⤵
      PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14816.exe
      4⤵
      PID:12292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
      4⤵
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
      4⤵
      PID:9996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48065.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51600.exe
        5⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47485.exe
        6⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        5⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        5⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        5⤵
        
        PID:17424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
      4⤵
      PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
        5⤵
        
        PID:16244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44545.exe
      4⤵
      PID:8896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24282.exe
        5⤵
        
        PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15894.exe
      4⤵
      PID:10372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
      4⤵
      PID:14600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
      4⤵
      PID:16676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
    3⤵
    PID:5732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
    3⤵
    PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48195.exe
      4⤵
      PID:10264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe
      4⤵
      PID:12268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40296.exe
      4⤵
      PID:15040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
      4⤵
      PID:17508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
    3⤵
    PID:9000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26446.exe
    3⤵
    PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
    3⤵
    PID:14256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16876.exe
    3⤵
    PID:7740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61187.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23264.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32499.exe
        7⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
        9⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe
        8⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7725.exe
        8⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41332.exe
        8⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
        8⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48195.exe
        8⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        8⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
        8⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
        8⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
        7⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        7⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        7⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29546.exe
        7⤵
        
        PID:17284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13318.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41846.exe
        8⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        8⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24401.exe
        8⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
        7⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
        7⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe
        7⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1895.exe
        7⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        6⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63955.exe
        7⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
        7⤵
        
        PID:14104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65044.exe
        7⤵
        
        PID:16516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
        6⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59473.exe
        6⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33069.exe
        6⤵
        
        PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58768.exe
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51600.exe
        7⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
        8⤵
        
        PID:15516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        7⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        7⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        7⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26269.exe
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4764.exe
        7⤵
        
        PID:17300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
        6⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5891.exe
        6⤵
        
        PID:16044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
        5⤵
        
        PID:6348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 648
        6⤵
        Program crash
        
        PID:11212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 648
        6⤵
        Program crash
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        5⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe
        5⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        5⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        5⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        5⤵
        
        PID:17264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34688.exe
        7⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9372.exe
        8⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
        7⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        7⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
        7⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        6⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
        6⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        6⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44522.exe
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56282.exe
        5⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        6⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11849.exe
        7⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5987.exe
        7⤵
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11670.exe
        6⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        6⤵
        
        PID:13608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
        6⤵
        
        PID:16532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34032.exe
        5⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31895.exe
        5⤵
        
        PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20960.exe
        5⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        5⤵
        
        PID:10236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
      4⤵
      Executes dropped EXE
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
        6⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        7⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46712.exe
        7⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
        7⤵
        
        PID:16372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
        6⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1923.exe
        6⤵
        
        PID:14288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1895.exe
        6⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
        5⤵
        
        PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57825.exe
        5⤵
        
        PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7529.exe
        5⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
        5⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19987.exe
        5⤵
        
        PID:18212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
      4⤵
      PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55667.exe
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29542.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
        5⤵
        
        PID:13916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        5⤵
        
        PID:16488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
      4⤵
      PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
      4⤵
      PID:9100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
      4⤵
      PID:11728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48479.exe
      4⤵
      PID:14772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17656.exe
      4⤵
      PID:17172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24601.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33155.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
        7⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36477.exe
        8⤵
        
        PID:16404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
        7⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23376.exe
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        7⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
        7⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
        6⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17571.exe
        7⤵
        
        PID:17224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
        6⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        6⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36231.exe
        6⤵
        
        PID:14420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        6⤵
        
        PID:16668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe
        5⤵
        
        PID:2468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 632
        6⤵
        Program crash
        
        PID:10532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 632
        6⤵
        Program crash
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
        5⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
        5⤵
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        5⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
        5⤵
        
        PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
        5⤵
        
        PID:5108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 724
        6⤵
        Program crash
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29174.exe
        5⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
        6⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20595.exe
        6⤵
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        5⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        5⤵
        
        PID:17020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
      4⤵
      PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
        5⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
        6⤵
        
        PID:16124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
        6⤵
        
        PID:17904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
        5⤵
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        5⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        5⤵
        
        PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
      4⤵
      PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
        5⤵
        
        PID:15928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63034.exe
      4⤵
      PID:10420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39725.exe
      4⤵
      PID:13968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
      4⤵
      PID:15988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45841.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
        6⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        7⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
        7⤵
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46379.exe
        7⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18294.exe
        6⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31859.exe
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4304.exe
        7⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
        7⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
        7⤵
        
        PID:18136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        6⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        6⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        6⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        6⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-754.exe
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
        7⤵
        
        PID:17896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
        6⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7699.exe
        6⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34567.exe
        6⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
        5⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43645.exe
        6⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-182.exe
        5⤵
        
        PID:9212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        5⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        5⤵
        
        PID:16568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10153.exe
      4⤵
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37091.exe
        5⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        5⤵
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48737.exe
        5⤵
        
        PID:13980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
        5⤵
        
        PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
      4⤵
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45837.exe
        5⤵
        
        PID:10852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
      4⤵
      PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
      4⤵
      PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26499.exe
      4⤵
      PID:14324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56909.exe
      4⤵
      PID:16524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8790.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
      4⤵
      PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15330.exe
        5⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6064.exe
        5⤵
        
        PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25226.exe
        5⤵
        
        PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
      4⤵
      PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
      4⤵
      PID:11276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
      4⤵
      PID:14200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
      4⤵
      PID:17124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
    3⤵
    PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
      4⤵
      PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
      4⤵
      PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
      4⤵
      PID:14332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
      4⤵
      PID:17108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
    3⤵
    PID:7404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
      4⤵
      PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33763.exe
      4⤵
      PID:15752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
      4⤵
      PID:5000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
    3⤵
    PID:10256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12859.exe
    3⤵
    PID:13952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
    3⤵
    PID:16016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22912.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        7⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        7⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        7⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        7⤵
        
        PID:18328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        6⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
        7⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        7⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
        7⤵
        
        PID:18200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
        6⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39899.exe
        6⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
        6⤵
        
        PID:18300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32160.exe
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56520.exe
        6⤵
        
        PID:14456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
        6⤵
        
        PID:17288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        5⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
        6⤵
        
        PID:15524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40518.exe
        5⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38787.exe
        5⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe
        5⤵
        
        PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        5⤵
        
        PID:17196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32192.exe
        5⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        6⤵
        
        PID:208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
        6⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10560.exe
        6⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48318.exe
        5⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        5⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18250.exe
        5⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42531.exe
        5⤵
        
        PID:17068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
      4⤵
      PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-722.exe
        5⤵
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57223.exe
        5⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6938.exe
        5⤵
        
        PID:14036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        5⤵
        
        PID:17576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5325.exe
      4⤵
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
        5⤵
        
        PID:12876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
      4⤵
      PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59325.exe
      4⤵
      PID:14280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35378.exe
      4⤵
      PID:16428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31043.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        6⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43738.exe
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        7⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47755.exe
        6⤵
        
        PID:13764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        6⤵
        
        PID:16136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28361.exe
        5⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        5⤵
        
        PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58795.exe
        5⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        5⤵
        
        PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
      4⤵
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24448.exe
        5⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29542.exe
        5⤵
        
        PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        5⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
        5⤵
        
        PID:16452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe
      4⤵
      PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
        5⤵
        
        PID:15488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
      4⤵
      PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
      4⤵
      PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
      4⤵
      PID:13820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe
      4⤵
      PID:17216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17568.exe
      4⤵
      PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32160.exe
        5⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6938.exe
        5⤵
        
        PID:14296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
        5⤵
        
        PID:17584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
      4⤵
      PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25405.exe
      4⤵
      PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10688.exe
      4⤵
      PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50904.exe
      4⤵
      PID:16476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32759.exe
    3⤵
    PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
      4⤵
      PID:11488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
      4⤵
      PID:14792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21027.exe
      4⤵
      PID:17092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
    3⤵
    PID:1940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
    3⤵
    PID:9544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
    3⤵
    PID:11708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13807.exe
    3⤵
    PID:12844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3067.exe
    3⤵
    PID:18168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21264.exe
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17091.exe
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47594.exe
        7⤵
        
        PID:16252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61687.exe
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17616.exe
        6⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
        6⤵
        
        PID:15332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6426.exe
        6⤵
        
        PID:17432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        5⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36854.exe
        6⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6058.exe
        6⤵
        
        PID:14516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        6⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24845.exe
        5⤵
        
        PID:9016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60762.exe
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43035.exe
        5⤵
        
        PID:14152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16771.exe
        5⤵
        
        PID:8852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
      4⤵
      PID:6020
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 488
        5⤵
        Program crash
        
        PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
      4⤵
      PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
        5⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
        5⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        5⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40251.exe
        5⤵
        
        PID:17560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32247.exe
      4⤵
      PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
      4⤵
      PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22406.exe
      4⤵
      PID:7856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
      4⤵
      PID:10988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38306.exe
      4⤵
      PID:15460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
      4⤵
      PID:18404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
      4⤵
      PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
        5⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12377.exe
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
        5⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48564.exe
        5⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29402.exe
        5⤵
        
        PID:18184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58263.exe
      4⤵
      PID:7492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26029.exe
      4⤵
      PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
      4⤵
      PID:9780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
      4⤵
      PID:13588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
      4⤵
      PID:16544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48798.exe
    3⤵
    PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
      4⤵
      PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe
      4⤵
      PID:9800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
      4⤵
      PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1722.exe
      4⤵
      PID:14676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
      4⤵
      PID:16912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
    3⤵
    PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
      4⤵
      PID:15556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29456.exe
    3⤵
    PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
      4⤵
      PID:15900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
    3⤵
    PID:9256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe
    3⤵
    PID:14544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
    3⤵
    PID:16660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31728.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6831.exe
        5⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
        6⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53623.exe
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1280.exe
        5⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
        5⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        5⤵
        
        PID:18104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
      4⤵
      PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61374.exe
      4⤵
      PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
        5⤵
        
        PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
      4⤵
      PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65444.exe
      4⤵
      PID:15164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
      4⤵
      PID:18044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24393.exe
    3⤵
    PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16400.exe
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe
      4⤵
      PID:13140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
      4⤵
      PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
      4⤵
      PID:18144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
    3⤵
    PID:8964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
    3⤵
    PID:10392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
    3⤵
    PID:14264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
    3⤵
    PID:18016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13382.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13382.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21824.exe
    3⤵
    PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
      4⤵
      PID:16228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52554.exe
    3⤵
    PID:10612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36065.exe
    3⤵
    PID:12276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38164.exe
    3⤵
    PID:15132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16903.exe
    3⤵
    PID:11028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40083.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40083.exe
  2⤵
  PID:6432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64832.exe
    3⤵
    PID:9588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59911.exe
    3⤵
    PID:9904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
    3⤵
    PID:6772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65044.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65044.exe
    3⤵
    PID:9552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
  2⤵
  PID:1104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
  2⤵
  PID:892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16121.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16121.exe
  2⤵
  PID:11344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
  2⤵
  PID:2372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20595.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20595.exe
  2⤵
  PID:16556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1208 -ip 1208
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 6020 -ip 6020
1⤵
PID:5144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3912 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5108 -ip 5108
1⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6348 -ip 6348
1⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2468 -ip 2468
1⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5644 -ip 5644
1⤵
PID:9168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe

Filesize
184KB

MD5
a52ab4a547fb4763ce3a33a1dcf91b4d

SHA1
7cd9f2bb6b03710ec8f41ab79186f057c6cb7b0e

SHA256
c7928f328717a1cefde3fe4083a4757d44a5680edfe8084faec12e494ad23ade

SHA512
c71c878b87cf1dce667d85eefb496200d421261ec8bdbb83dfc7de788e78377883299725e5afece62d13bb76c8a1a03cb2b4a91f1c7872d359a28bb9bed5b65f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe

Filesize
184KB

MD5
c3e9cc2c11aec9c2e0f3d0539d4c36bf

SHA1
d476d695ec523c33d377b6415e7098c1c90e10ba

SHA256
7b9efbf95fb61f8c7abb7d17ac149c6f1ac0f583fe6972ef1e84cc771e925121

SHA512
50af2c662ae7bf9fe3e3be27c771f5910e1a194b97818f6ada4e6cedbf92790f4527fb2db18e129238a568d86e32a62beb0131623d3568ac77d0a609b64e2d6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe

Filesize
184KB

MD5
faa4f5f5e69ce8dbee91f55a1327047f

SHA1
d72403c84905f930310f448f7ff9f6cdba9243b4

SHA256
3517b74007f4dfb3ec39dcea45142e5491c9d88e81b35181331bb9cc715b36d8

SHA512
296346c18b13bb1bbef592a6794a0b3e567f8a79d975db8b9908b431533c6394f26aeee841ceab847c952f8fbe8b8b5ac3ffa802f1701b4851532921d8996ea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe

Filesize
184KB

MD5
39ed9a26db657633fae109db97b0710a

SHA1
b51e7c98c6d077abce4d99965d518a5633b0afcf

SHA256
6945f96428a17a6e0091c342a6f4b76f98c3ebdcc63010a9223b63aa5edd1173

SHA512
969b47761c7d56733cc8f6af3a1fe7017378dc81f7c73e998610ae08e67af18e84b96b47f2b140875f3ff34a6f3340d940850c44e852c0dbfa630d6857a13cef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe

Filesize
184KB

MD5
aa8ac7b8bb215a4e67726d743261cbfd

SHA1
4cbb0314b53df13641130e7fbc0088eed7aaf337

SHA256
40d04145c2039ae0912736db661db29166bf18af31660eb4a5809f67b907fef3

SHA512
da2ddcfa6b3597bd7bbcc20dbdaeb9454f9c4849399b91130f6672268868424f6aac6d6ec2cee3b788dc6cde95a2307201d8c1b0f9cfef605225bd24505f40d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24601.exe

Filesize
184KB

MD5
a94471fa75f807842f48f27eeb1f2398

SHA1
0cfa1c0a5abdcea9cbc60db37144a0d2dd2210a0

SHA256
4901368752fb7a8fb7db3fc9014dd0a1e0e5920e2a9c8d590a4053510635965d

SHA512
3cb0e2df561df8f7384365e69aea5b1c3883ea423632ca63254ec740ca8a9b13af431d907aa9b34f8e54bd0a0de61eb130ce852e558d7972c6daca538a754b25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe

Filesize
184KB

MD5
f1ae86718336da2f2e1b2b3141f1bbbb

SHA1
87d0ab9d8f4fb61802e0b3b0d41097217498ef9a

SHA256
5b08bcad5c828c33826902da3c8d54597adcb5647c92ea829d5a48a74ac18e47

SHA512
d6fc7df8dc0a68fc3862aee52a7e7f9905f63bbba788a5a4bae2c9f4d4d3ad926fdf766b61ca0958c2a89b29b08d102279d14ff87da499e041ceb31244c7dcc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe

Filesize
184KB

MD5
82080dd0802e1c96b6540c3f65236f45

SHA1
6bc08f61ff142c130a1a847c908afea126a940fa

SHA256
8edbc15afc5681579bdf8aa6f6694ef3ae9ade2fb3a63d6cbeac07706dad4e37

SHA512
768e7fb3330d1455c55b5aa7eb06ce70673eb34c81e90b29dd50967ea4d3734c9526e94e4362adfce003aefe03ec3c012ede9429f74d4a2e36f9570e048a18d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe

Filesize
184KB

MD5
2185d340b7d2f65b73c5fbaeca904221

SHA1
c0666482c6171e5c317da83c39e264ef92d5339c

SHA256
22b72aa219ba602f94d5dfac0184ecbe8f14430fd203f4f4b23abeab68bc7310

SHA512
fabdc8db2c537aeefa2ba2bee91a29e13665046e539e5af9f9a24ac3ade2e9ee014360c84dcf4ac0a851d80f5274024498008a0f995ad0415a207e8e088972ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe

Filesize
184KB

MD5
a738fefd00b4de82b53089a5c835ec96

SHA1
401987a86579f578606f2941347ff3be5d857201

SHA256
72c25bc9d5018141df018ff992829e489d81ca63e2b11b3c2c7bee802f8ae5e9

SHA512
f791799ae82853137a17da5c7ea9010d9d8bc807a0c9b8a1bc5dd5a8e4fa1058764b5ee1360fb6722190ad084cf87db52cf7ceadb769f8ce44b85eef73bd76c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe

Filesize
184KB

MD5
93b43499df5a5f717137a25ea837612f

SHA1
fd1656532f0e6af4525ed447ae0784c8a1843923

SHA256
645adfd2f9c42123655323d9068436ee88e196d8186d51e428d9d696d3511810

SHA512
4e15606dc4b22e3bbaf5a4e9e0d6e7bcd84da8586dc8e00edfe75f3928196281d82ec4e71b1b0f1917ea9fcbf9bf9452506804f98297a306c2473edd0645bfc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe

Filesize
184KB

MD5
8784337bcffbe81942bc445828fe2b3a

SHA1
72e239fce2faaee638de2f7cbec81bf07c6e5bbd

SHA256
5987d24d5ff97c89bb7fb342c8e7600aa4b231f004a880d277a15b1eb274184d

SHA512
30e924d7d5f0ccf67c5cd6b624fb7032d5e376f36bef448c3d2319ed30f0c297de087e13756cf8bef3dbf9abbc558120d9903c5a7f9485749c0fc495c17ff5ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe

Filesize
184KB

MD5
95e50c68f58a42ca235fa8e6c3d36122

SHA1
072cb800a57a33e858612b88fec49d0a2b7d2185

SHA256
c358e5f938a1cb301bceaeb5f4e2c0b261baf6786bdf9af8a3376ee7c19d28af

SHA512
1b64e1db9c016aa12810a0104065775f6dbd33c81d1456f162546fc79064af1b7dbb4b55529c3deb840c0bc836d16d7db5bd420d753c3f32676383d847e391ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe

Filesize
184KB

MD5
90b171b9d45b33141d628e843a108663

SHA1
e02540ed1909d496efd612ced5bfef4a9716eb07

SHA256
6f2242062c3da7d2cf41733607736ca66197aa0523f2b87299751b477ca771f1

SHA512
561bb15cb1f47aef304fde0b9cae8bd076da278c58d5c67024ba0afe0420f01327945d7980bbb8bba90eb63bb802529ae2dc0edafcc97193f1088a51e93d7eeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41411.exe

Filesize
184KB

MD5
8fb820cbbf1991eb59951773619a2647

SHA1
e40395a04a870e82d4fb0ac7eda517f58bfa2479

SHA256
5c90b495c56761170c452d65993f027983ee1e3ed8a0095873012a5656bc1797

SHA512
d86126ca12636de04f75ca918a60a9c3e509708f546d940dbcc0950e4b36bf09b2a09c92cbe8a18a6248aee8d5d24a53da8cda78200147f1db20b8fbfaa9424d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45841.exe

Filesize
184KB

MD5
254aa092d93eed159b9eef630bec76b5

SHA1
8ab2058b8061be77d6a6141294de4eab16e90e5f

SHA256
97cac2cfb73f2e3121b762a47d66d450130fc818d055a87d3502e862b92bfca5

SHA512
15bb5e796afbb6be155e0c785fa4073dfc4c96bcacfbc6612712749b9dc3fc3d2ea0bd8d6de1a20e4eebd41dc2c71e807739ab5e7d3501641e10e6f0985ee4ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe

Filesize
184KB

MD5
f50a3e5c61661bf5e18934b9a7d35390

SHA1
b200493e5f9c9a45a6397006adeadc4d2b2f7656

SHA256
190827dfaf273f97f5c958c153af8c984205da7bdb12b61d177a8c6673087f45

SHA512
c71fc740314e21a0ff751438255e5e3c65b9bfe584d41340a9b9a9ee81ad0a5fe1c9200553d8e71185f001c0f079e8f525de4fa7da64d5368339d1e8c5f8cba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe

Filesize
184KB

MD5
4e16ebfa6c512e3e4da441362801254e

SHA1
ce0af1cb4a74d35864e11f394c4689581889aa0a

SHA256
e3d1dc4454094cd3c58d139e73067b1071466b01646a1926227a1410de22a4e7

SHA512
8e9e1e55329f361f994d343f09c2bf7eff75bc27b4731a8b722e0728ff9b3a2f5bca26c2b09fb33088cee2f3fe7eaf3992135a4f40c767ab84e97fa872612a61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe

Filesize
184KB

MD5
fee6a2dcf73370ab023f279e4edac1c8

SHA1
f09c37223ee7a95ed2db2a9a75d23944b008599c

SHA256
4d3dfba2f79785ff502b8d631481984a9c476db3519f0f823e423b34c2c88ef3

SHA512
1285f2c7904dd8c8e1c618fa39c04c0e21ee292c4ca4adf91dd4d5be13e06cd8847f0e7735ae1019c7cf05acb4e8aa74652b14b6019c8bd9b056ece768962f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe

Filesize
184KB

MD5
a19466882c9900d3c7ddd8fe97eb31d7

SHA1
f1fc9b58195fb6828c6da345a33cc375e5e3b421

SHA256
e7dccd626a597c5f9ad1c747ba2498760b1f80378c7847159dce92a187b29c59

SHA512
7b122f2de56e25f03009d6b5abbbc9b3c4022835cff4d8fa0f32ab53cafb1e98e5b5109be7eb3838039063517497afb94cf10afaa4f7a7cd3744736664e03169

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52279.exe

Filesize
184KB

MD5
9f9faa2eb21b23a5f32bb42ee7a4b36d

SHA1
f8711c4040d106870884157bce648ffe813bcdc6

SHA256
e4ad0cc8e251cd23945c13ef1ffc0e8d250bb9016cca5665120284dbc910bf6b

SHA512
e39a0da7a66dff3bd9e1720499cd179282c35c16eb13465d6f77c38049ad0d3487c216b7c75fe533bcfe67217df9121b4a64c3850d5fae3d67e61db4decff04f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53488.exe

Filesize
184KB

MD5
e6b650b384254328941e4b07f615bc8d

SHA1
4ecf6981fa3bb2bb6ac819c147363f727eb9ac50

SHA256
d4d507000287f92dc22ff84d3ae4c71fe8364e84fac566dc0968813e6a779bd1

SHA512
7456aaa5d128630e54752921722f4fc01794cb00ee4b398965fb28bc7d42f5eb9ddf272939b2a20b012edc0931cad79ed6b43ffa9eb439a09874cf1b0f04af34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56000.exe

Filesize
184KB

MD5
0b94d62e354ee0ba09aba4460527e463

SHA1
c019d362213cca7a9d5a3ecb77be132362623f37

SHA256
b5adda6847207bb9cb55ed9e6c3eedf13ad0435b7875ebb2cbac244b6422af1f

SHA512
87c32428a317417c8dd54260c41f87f2d0dc42ef37970dbd7b9d3d3bc9925f719c2e6bb5647d51bd08830f11f8837e5204f4d119ca89dcafee7a03e976720e45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe

Filesize
184KB

MD5
441f65a600b8b4b95073534774bef68e

SHA1
b0700b1059bef1e5ce01511e020cc285caa78301

SHA256
aa7a18090d4366647b298f6bea032f36403e0b72465ae8a4a3cfad25417030de

SHA512
c7fe7f453a6d07e6459905eceec8ab581a51b392b3a76860d13073a085ab9a497af974366b45876d175354a699507db2cf71b971ad01ea00d9de2152e1491454

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe

Filesize
184KB

MD5
8aa953f28ca0b3ce62c65e26dde2eb50

SHA1
a0a00ca74968f04ded69fdda67725fa284def699

SHA256
80365b35bd6ab68ae9140d425c019cdf0f9bd1dc8ea7bc6169e56075061e7927

SHA512
683645e5a899e25f0ee0bf13395d757a53660b3513029077edf5ec0715091df606e318531f9d07c654395a1af3b08e4ea0183b15d07d0b01a3c99aeb368e1bce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe

Filesize
184KB

MD5
b6790eb5b495bbc3d4d6907126f5df2f

SHA1
42e9cc2beceb4efdb9ec8f6533de601a3548c25e

SHA256
10de3b56d6fb23003f7cae99526ee7bb13a503a1b04455127b9abd1e0d84b6e1

SHA512
b5ea2b74ec7b2c6333761422f28d3def1003ca4430172bf5f6eacb5504939a936975674ade392299ec5f139d0b34d00ea6e2112b37406ff781f6068554335843

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61187.exe

Filesize
184KB

MD5
98b6abc6e1a23ca753f4cea5e57753e9

SHA1
286e32c1a8cdb71975dc6c827015adec30da8c4d

SHA256
0117fd0a2ff6b19f1317d7e373e3b05e8e15d32f97ae9e34f855b0e5e804e3ed

SHA512
1664ccd6423532cc0af002b78012fa384639aebd2c542a0fc5ad62dacc0f5145dc497da345f3a01a5570098ee46b233f86cf95612c0f72cd97a5dfbec699f618

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63076.exe

Filesize
184KB

MD5
6dd5b03f32a6dfc6cbad7866a83c397d

SHA1
da48cbb6a9d48f4c3604d33716f10af28d673a3d

SHA256
ce5ec71edf2b596b0732260fe70eaaa170f391d37d02aee29eac859b0be0fea3

SHA512
c5d98e4c98017d588393fe582d809fd7a6aa0f347cb3deb2c2f74977f170be5585708fe6d861be72c987236f8c9d80f48c841a6aaecca7fa9565282a8250f5bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6365.exe

Filesize
184KB

MD5
8c230fef46b0df570d6aa9d35e700332

SHA1
8644bb2840a1502a625ee472c05c0041b6b53163

SHA256
0540806c3c1f425f891dbc2a0c8c8e3058fac4096f2c57b93ffcd893b1675c10

SHA512
d416bc7567ebfdcd9412476b846d5dc2e1c27d9336e4238daaeaccca3180710d2e211d0b9d0cf83478d253d0315df5f3cd3b9a311721d939db5347b25d3c880f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe

Filesize
184KB

MD5
99788f15022c6053819e06d055bfe229

SHA1
6685edf59089831c4a8b86b6f3c243723a0fa8cc

SHA256
b2e6fda2fc0bc5f450daf3aeac5cb98197a4df86832a38e164b15ef0dcc5726d

SHA512
a4af0428804ca3968170524cef0e7b15c48a397d0fe2b603d74e400b97aea12f148173901b84e52e7da61831bb7fb17d9cfb530252abf890c07d349c3f07e047

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe

Filesize
184KB

MD5
0543c9c995dd7a7152d3c54e523f6fbe

SHA1
085798b59c5beba594bd7fd0f04bc4086272b354

SHA256
8482fbc672551689b46745dc7545932c41e0f6611a6e8b67a6bb78e942186cc2

SHA512
947e4cfc673894b60ba9a41a5325ebff5c319ab63a6cdaf65e77b61e7fc1e7c80d253ed306f3ccbc1063e1d637e5694fb9709f12b60b32e7654cff18a35fdb21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe

Filesize
184KB

MD5
e7e40dd9a516ffb381a144f642928c6f

SHA1
e18f7ea11a9471a59a8ff5ce35f581695f01ebf8

SHA256
0892822804eedd148576446d97f1e999b3447a0152ce02dc0e05eb6343031097

SHA512
946edc8a993573046dca4500035db254669121a08b6b28ad415d7ee348d65d7efd5a7fcb482d08d0dfe82cc033ab7a89a22265f60e93db357af92eb6b305e823

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe

Filesize
184KB

MD5
b1ebde79937e28af532e5abc34337145

SHA1
941357b64c0beadc6d463bf2495e35d638ac3eca

SHA256
b3daaff59b975372342ae0907afdb8cdc95176932042114df23606e10a9452f5

SHA512
23f107d2da5f3766623c60530637dc75899a75e7f40a9e487d268145ee0292c298764ebad577ffc518e7cf48281386f61fbb7e11449d7d14496324ff2522e623

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads