68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf

Analysis

max time kernel
148s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240708-en
resource tags

arch:x64arch:x86image:win10v2004-20240708-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf.exe
Size

184KB
MD5

e6c728573362e151c2dfff2b00229618
SHA1

67fa4085fca7024bd762531f8e88bbfe2a94ea92
SHA256

68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf
SHA512

bc54bc3aa4df5e2272497b4ae2d17aa7f365ade5c51072116beafaa08bc1c5a15c4ea2dc244d7b765709c71824ee7b97f02ca0095b67a4631e01ebcebc6b975f
SSDEEP

3072:FqrLQxoyuU00w4x67O2QnpFylvnqn70uX:Fqiox54xSQpFylPqn70u

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3508	Unicorn-11503.exe
4800	Unicorn-43442.exe
4852	Unicorn-59456.exe
2424	Unicorn-55284.exe
2384	Unicorn-24558.exe
1816	Unicorn-27250.exe
4120	Unicorn-40986.exe
3672	Unicorn-42046.exe
636	Unicorn-64604.exe
4528	Unicorn-48823.exe
4724	Unicorn-3706.exe
2548	Unicorn-23572.exe
2740	Unicorn-10250.exe
728	Unicorn-9273.exe
1952	Unicorn-19222.exe
4040	Unicorn-46275.exe
1232	Unicorn-25108.exe
2056	Unicorn-62611.exe
3516	Unicorn-15377.exe
2420	Unicorn-15377.exe
3160	Unicorn-7764.exe
4888	Unicorn-21499.exe
4428	Unicorn-31714.exe
3968	Unicorn-6140.exe
4176	Unicorn-6140.exe
768	Unicorn-62747.exe
4500	Unicorn-10.exe
4376	Unicorn-47977.exe
436	Unicorn-28376.exe
3972	Unicorn-52388.exe
3436	Unicorn-19186.exe
4728	Unicorn-59664.exe
2440	Unicorn-24561.exe
5100	Unicorn-12793.exe
2544	Unicorn-36098.exe
456	Unicorn-55964.exe
4288	Unicorn-43612.exe
1828	Unicorn-31076.exe
3556	Unicorn-3042.exe
2492	Unicorn-39244.exe
3168	Unicorn-43328.exe
2348	Unicorn-44075.exe
2664	Unicorn-63940.exe
976	Unicorn-7375.exe
1768	Unicorn-7640.exe
3116	Unicorn-5594.exe
1116	Unicorn-29684.exe
1020	Unicorn-53634.exe
4948	Unicorn-11786.exe
4840	Unicorn-31652.exe
928	Unicorn-18065.exe
4868	Unicorn-18331.exe
2088	Unicorn-18637.exe
888	Unicorn-2102.exe
4684	Unicorn-41858.exe
1740	Unicorn-47988.exe
2536	Unicorn-62933.exe
1172	Unicorn-49934.exe
2172	Unicorn-47888.exe
1124	Unicorn-8600.exe
4024	Unicorn-44380.exe
1636	Unicorn-18523.exe
1652	Unicorn-25299.exe
2416	Unicorn-57417.exe

Program crash 10 IoCs

pid	pid_target	Process	procid_target
7516	6616	WerFault.exe	267
8036	6388	WerFault.exe	325
10140	6220	WerFault.exe	247
10148	5368	WerFault.exe	242
11544	7688	WerFault.exe	304
12520	6228	WerFault.exe	248
17440	15616	WerFault.exe	807
19740	6076	Process not Found	1092
19468	6900	Process not Found	1094
11412	7696	Process not Found	305

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found

Modifies data under HKEY_USERS 60 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 10,1329 50,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 50,1329 10,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,17110992,7202269,41484365,17110988,7153487,39965824,17962391,508368333,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	8488	Process not Found
Token: SeChangeNotifyPrivilege	8488	Process not Found
Token: 33	8488	Process not Found
Token: SeIncBasePriorityPrivilege	8488	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2044	68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf.exe
3508	Unicorn-11503.exe
4800	Unicorn-43442.exe
4852	Unicorn-59456.exe
2384	Unicorn-24558.exe
2424	Unicorn-55284.exe
1816	Unicorn-27250.exe
4120	Unicorn-40986.exe
3672	Unicorn-42046.exe
636	Unicorn-64604.exe
2548	Unicorn-23572.exe
4528	Unicorn-48823.exe
1952	Unicorn-19222.exe
4724	Unicorn-3706.exe
2740	Unicorn-10250.exe
728	Unicorn-9273.exe
4040	Unicorn-46275.exe
1232	Unicorn-25108.exe
2056	Unicorn-62611.exe
3516	Unicorn-15377.exe
2420	Unicorn-15377.exe
4888	Unicorn-21499.exe
3160	Unicorn-7764.exe
3968	Unicorn-6140.exe
436	Unicorn-28376.exe
4376	Unicorn-47977.exe
4500	Unicorn-10.exe
4428	Unicorn-31714.exe
4176	Unicorn-6140.exe
768	Unicorn-62747.exe
3972	Unicorn-52388.exe
3436	Unicorn-19186.exe
4728	Unicorn-59664.exe
2440	Unicorn-24561.exe
5100	Unicorn-12793.exe
456	Unicorn-55964.exe
2544	Unicorn-36098.exe
4288	Unicorn-43612.exe
1828	Unicorn-31076.exe
3556	Unicorn-3042.exe
2492	Unicorn-39244.exe
3168	Unicorn-43328.exe
3116	Unicorn-5594.exe
1768	Unicorn-7640.exe
2664	Unicorn-63940.exe
2348	Unicorn-44075.exe
1116	Unicorn-29684.exe
976	Unicorn-7375.exe
888	Unicorn-2102.exe
2088	Unicorn-18637.exe
4840	Unicorn-31652.exe
928	Unicorn-18065.exe
1020	Unicorn-53634.exe
4868	Unicorn-18331.exe
4948	Unicorn-11786.exe
1740	Unicorn-47988.exe
4684	Unicorn-41858.exe
2536	Unicorn-62933.exe
1172	Unicorn-49934.exe
2172	Unicorn-47888.exe
1124	Unicorn-8600.exe
4024	Unicorn-44380.exe
1636	Unicorn-18523.exe
2416	Unicorn-57417.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 3508	2044	68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf.exe	83
PID 2044 wrote to memory of 3508	2044	68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf.exe	83
PID 2044 wrote to memory of 3508	2044	68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf.exe	83
PID 3508 wrote to memory of 4800	3508	Unicorn-11503.exe	84
PID 3508 wrote to memory of 4800	3508	Unicorn-11503.exe	84
PID 3508 wrote to memory of 4800	3508	Unicorn-11503.exe	84
PID 2044 wrote to memory of 4852	2044	68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf.exe	85
PID 2044 wrote to memory of 4852	2044	68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf.exe	85
PID 2044 wrote to memory of 4852	2044	68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf.exe	85
PID 4800 wrote to memory of 2424	4800	Unicorn-43442.exe	86
PID 4800 wrote to memory of 2424	4800	Unicorn-43442.exe	86
PID 4800 wrote to memory of 2424	4800	Unicorn-43442.exe	86
PID 4852 wrote to memory of 2384	4852	Unicorn-59456.exe	87
PID 4852 wrote to memory of 2384	4852	Unicorn-59456.exe	87
PID 4852 wrote to memory of 2384	4852	Unicorn-59456.exe	87
PID 3508 wrote to memory of 1816	3508	Unicorn-11503.exe	88
PID 3508 wrote to memory of 1816	3508	Unicorn-11503.exe	88
PID 3508 wrote to memory of 1816	3508	Unicorn-11503.exe	88
PID 2044 wrote to memory of 4120	2044	68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf.exe	89
PID 2044 wrote to memory of 4120	2044	68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf.exe	89
PID 2044 wrote to memory of 4120	2044	68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf.exe	89
PID 2384 wrote to memory of 3672	2384	Unicorn-24558.exe	90
PID 2384 wrote to memory of 3672	2384	Unicorn-24558.exe	90
PID 2384 wrote to memory of 3672	2384	Unicorn-24558.exe	90
PID 2424 wrote to memory of 636	2424	Unicorn-55284.exe	91
PID 2424 wrote to memory of 636	2424	Unicorn-55284.exe	91
PID 2424 wrote to memory of 636	2424	Unicorn-55284.exe	91
PID 4800 wrote to memory of 4528	4800	Unicorn-43442.exe	92
PID 4800 wrote to memory of 4528	4800	Unicorn-43442.exe	92
PID 4800 wrote to memory of 4528	4800	Unicorn-43442.exe	92
PID 4852 wrote to memory of 4724	4852	Unicorn-59456.exe	93
PID 4852 wrote to memory of 4724	4852	Unicorn-59456.exe	93
PID 4852 wrote to memory of 4724	4852	Unicorn-59456.exe	93
PID 1816 wrote to memory of 2548	1816	Unicorn-27250.exe	94
PID 4120 wrote to memory of 2740	4120	Unicorn-40986.exe	95
PID 1816 wrote to memory of 2548	1816	Unicorn-27250.exe	94
PID 1816 wrote to memory of 2548	1816	Unicorn-27250.exe	94
PID 4120 wrote to memory of 2740	4120	Unicorn-40986.exe	95
PID 4120 wrote to memory of 2740	4120	Unicorn-40986.exe	95
PID 3508 wrote to memory of 728	3508	Unicorn-11503.exe	96
PID 3508 wrote to memory of 728	3508	Unicorn-11503.exe	96
PID 3508 wrote to memory of 728	3508	Unicorn-11503.exe	96
PID 2044 wrote to memory of 1952	2044	68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf.exe	97
PID 2044 wrote to memory of 1952	2044	68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf.exe	97
PID 2044 wrote to memory of 1952	2044	68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf.exe	97
PID 2384 wrote to memory of 4040	2384	Unicorn-24558.exe	98
PID 2384 wrote to memory of 4040	2384	Unicorn-24558.exe	98
PID 2384 wrote to memory of 4040	2384	Unicorn-24558.exe	98
PID 636 wrote to memory of 1232	636	Unicorn-64604.exe	99
PID 636 wrote to memory of 1232	636	Unicorn-64604.exe	99
PID 636 wrote to memory of 1232	636	Unicorn-64604.exe	99
PID 2424 wrote to memory of 2056	2424	Unicorn-55284.exe	100
PID 2424 wrote to memory of 2056	2424	Unicorn-55284.exe	100
PID 2424 wrote to memory of 2056	2424	Unicorn-55284.exe	100
PID 4528 wrote to memory of 3516	4528	Unicorn-48823.exe	101
PID 4528 wrote to memory of 3516	4528	Unicorn-48823.exe	101
PID 4528 wrote to memory of 3516	4528	Unicorn-48823.exe	101
PID 2548 wrote to memory of 2420	2548	Unicorn-23572.exe	102
PID 2548 wrote to memory of 2420	2548	Unicorn-23572.exe	102
PID 2548 wrote to memory of 2420	2548	Unicorn-23572.exe	102
PID 4800 wrote to memory of 4888	4800	Unicorn-43442.exe	103
PID 4800 wrote to memory of 4888	4800	Unicorn-43442.exe	103
PID 4800 wrote to memory of 4888	4800	Unicorn-43442.exe	103
PID 1816 wrote to memory of 3160	1816	Unicorn-27250.exe	104

C:\Users\Admin\AppData\Local\Temp\68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf.exe
"C:\Users\Admin\AppData\Local\Temp\68406e95a100a8a5329d936459b6c72a6cc0ac1aeddb12444329b4a94b8160cf.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55284.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25108.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18907.exe
        8⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
        9⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
        10⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30499.exe
        10⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
        10⤵
        
        PID:14384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60178.exe
        10⤵
        
        PID:17984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16991.exe
        9⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        9⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22275.exe
        9⤵
        
        PID:14900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        9⤵
        
        PID:18192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        9⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        9⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47024.exe
        9⤵
        
        PID:16920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        9⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        8⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50183.exe
        8⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61056.exe
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe
        8⤵
        
        PID:18392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
        7⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        9⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13011.exe
        9⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        9⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        9⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
        8⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe
        8⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        8⤵
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
        8⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28234.exe
        8⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25277.exe
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35212.exe
        8⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9503.exe
        8⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
        8⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15471.exe
        8⤵
        
        PID:17412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        7⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        7⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14479.exe
        7⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        7⤵
        
        PID:18184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        7⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
        9⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        9⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16326.exe
        9⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58450.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        9⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
        8⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe
        8⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        8⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
        8⤵
        
        PID:18004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
        7⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
        8⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30655.exe
        8⤵
        
        PID:18180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
        7⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59774.exe
        7⤵
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53540.exe
        7⤵
        
        PID:16888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        7⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58507.exe
        8⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3032.exe
        8⤵
        
        PID:16544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
        7⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31185.exe
        7⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        7⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60906.exe
        7⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3130.exe
        6⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13608.exe
        7⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        7⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe
        7⤵
        
        PID:17976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59300.exe
        6⤵
        
        PID:12740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe
        6⤵
        
        PID:16112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        6⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        6⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62611.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55964.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64573.exe
        8⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24688.exe
        9⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        9⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15039.exe
        9⤵
        
        PID:15660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1247.exe
        9⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe
        9⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
        8⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23705.exe
        8⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4184.exe
        8⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
        8⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
        8⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
        8⤵
        
        PID:18376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
        7⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59774.exe
        7⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53540.exe
        7⤵
        
        PID:16912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe
        7⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25574.exe
        6⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
        7⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
        8⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
        8⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33814.exe
        8⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17199.exe
        8⤵
        
        PID:18100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36923.exe
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
        7⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
        7⤵
        
        PID:16240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63045.exe
        7⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43073.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        7⤵
        
        PID:18296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29275.exe
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
        6⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe
        6⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        6⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43612.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        6⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5258.exe
        7⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8330.exe
        8⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        8⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        8⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        8⤵
        
        PID:18164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40618.exe
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        7⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22275.exe
        7⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
        7⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
        6⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38668.exe
        7⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61091.exe
        7⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        7⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36731.exe
        6⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        6⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59001.exe
        6⤵
        
        PID:15532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        6⤵
        
        PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
        5⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64573.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21158.exe
        7⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29050.exe
        7⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47024.exe
        7⤵
        
        PID:16884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4609.exe
        7⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe
        7⤵
        
        PID:17992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        6⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        6⤵
        
        PID:12568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
        6⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        6⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        6⤵
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51834.exe
        5⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
        6⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        6⤵
        
        PID:12880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36119.exe
        6⤵
        
        PID:16392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
        6⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4074.exe
        5⤵
        
        PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
        5⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38000.exe
        5⤵
        
        PID:14632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
        7⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47360.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21158.exe
        9⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
        9⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        9⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
        9⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16498.exe
        8⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe
        8⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        8⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
        8⤵
        
        PID:18108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44599.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4184.exe
        8⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33706.exe
        8⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
        8⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        8⤵
        
        PID:18076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        7⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        7⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16145.exe
        6⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31408.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        8⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35953.exe
        8⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46368.exe
        8⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59410.exe
        8⤵
        
        PID:17600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
        7⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35176.exe
        7⤵
        
        PID:17488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26922.exe
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14075.exe
        7⤵
        
        PID:12628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        7⤵
        
        PID:16040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12377.exe
        7⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        7⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
        6⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        6⤵
        
        PID:15564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
        6⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        6⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27625.exe
        7⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39104.exe
        8⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51221.exe
        8⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
        8⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
        8⤵
        
        PID:17640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        7⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        7⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41583.exe
        7⤵
        
        PID:17892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62980.exe
        7⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9560.exe
        7⤵
        
        PID:12964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28443.exe
        7⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
        7⤵
        
        PID:17860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15350.exe
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46976.exe
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
        6⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11542.exe
        6⤵
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18697.exe
        5⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        6⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38303.exe
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61586.exe
        6⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
        6⤵
        
        PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54853.exe
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40116.exe
        6⤵
        
        PID:14016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9830.exe
        6⤵
        
        PID:16088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46183.exe
        5⤵
        
        PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        5⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58462.exe
        5⤵
        
        PID:15596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63940.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        6⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        8⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61091.exe
        8⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        8⤵
        
        PID:16640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        7⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        7⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
        7⤵
        
        PID:16064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        7⤵
        
        PID:17516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        7⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28454.exe
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
        7⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
        7⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
        7⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
        7⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46160.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34807.exe
        6⤵
        
        PID:12860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe
        6⤵
        
        PID:16364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        6⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33249.exe
        5⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        6⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 464
        7⤵
        Program crash
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        6⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2902.exe
        6⤵
        
        PID:13504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        6⤵
        
        PID:16904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
        5⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
        6⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        6⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
        5⤵
        
        PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        5⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        5⤵
        
        PID:15616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15616 -s 436
        6⤵
        Program crash
        
        PID:17440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
        5⤵
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7375.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50162.exe
        5⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16738.exe
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        6⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
        6⤵
        
        PID:18052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30726.exe
        5⤵
        
        PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe
        5⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        5⤵
        
        PID:15328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
        5⤵
        
        PID:18088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44185.exe
      4⤵
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        5⤵
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
        5⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        5⤵
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51467.exe
        5⤵
        
        PID:17872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29652.exe
      4⤵
      PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65118.exe
        5⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        5⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        5⤵
        
        PID:16780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8016.exe
      4⤵
      PID:10364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
      4⤵
      PID:13980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
      4⤵
      PID:16532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13835.exe
      4⤵
      PID:17928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7640.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        7⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        8⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41884.exe
        8⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        8⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        8⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe
        8⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
        8⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
        8⤵
        
        PID:16092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe
        8⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23409.exe
        7⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        7⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59001.exe
        7⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
        7⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58247.exe
        6⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61641.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe
        8⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        8⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        8⤵
        
        PID:16760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        7⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
        7⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
        7⤵
        
        PID:16336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
        7⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        6⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
        6⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15835.exe
        6⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63.exe
        6⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        6⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        6⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
        7⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
        8⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        8⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        8⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58220.exe
        7⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6218.exe
        7⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        7⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
        7⤵
        
        PID:17664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        7⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
        6⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 716
        7⤵
        Program crash
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
        6⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
        6⤵
        
        PID:16164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        6⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36679.exe
        5⤵
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        6⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1279.exe
        6⤵
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62912.exe
        6⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
        6⤵
        
        PID:17668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        5⤵
        
        PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12481.exe
        5⤵
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34923.exe
        5⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65302.exe
        5⤵
        
        PID:16424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43328.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
        6⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24610.exe
        7⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
        8⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56073.exe
        8⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        8⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3878.exe
        8⤵
        
        PID:18156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        7⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
        7⤵
        
        PID:17956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24370.exe
        6⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
        6⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52212.exe
        6⤵
        
        PID:12884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe
        6⤵
        
        PID:15400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        6⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5538.exe
        5⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        6⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        6⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42416.exe
        6⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
        6⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55018.exe
        5⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
        6⤵
        
        PID:12600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        6⤵
        
        PID:16576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        6⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60999.exe
        6⤵
        
        PID:17840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
        5⤵
        
        PID:9320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        5⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        5⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42930.exe
        5⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4425.exe
        5⤵
        
        PID:6208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30173.exe
        5⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
        7⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        7⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe
        7⤵
        
        PID:18284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        6⤵
        
        PID:13836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
        6⤵
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40334.exe
        6⤵
        
        PID:12308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
        6⤵
        
        PID:15908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19585.exe
        6⤵
        
        PID:17532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        6⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15433.exe
        5⤵
        
        PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
        5⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
        5⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
        5⤵
        
        PID:17704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22588.exe
        5⤵
        
        PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
      4⤵
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        5⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        5⤵
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11689.exe
        5⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
        5⤵
        
        PID:17320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        5⤵
        
        PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7293.exe
      4⤵
      PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
        5⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35180.exe
        5⤵
        
        PID:352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29547.exe
      4⤵
      PID:10352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
      4⤵
      PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe
      4⤵
      PID:16524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6140.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46701.exe
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        7⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        7⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
        7⤵
        
        PID:16664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
        6⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe
        6⤵
        
        PID:10904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        6⤵
        
        PID:14096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1798.exe
        6⤵
        
        PID:17308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        6⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
        6⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
        6⤵
        
        PID:11108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38144.exe
        6⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
        6⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
        6⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62247.exe
        5⤵
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
        5⤵
        
        PID:13816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
        5⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe
        5⤵
        
        PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62933.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29378.exe
        6⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        7⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
        7⤵
        
        PID:17728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        7⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25643.exe
        6⤵
        
        PID:15412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39336.exe
        6⤵
        
        PID:18084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        5⤵
        
        PID:6616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 212
        6⤵
        Program crash
        
        PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41033.exe
        5⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
        5⤵
        
        PID:11764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13609.exe
        5⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37992.exe
        5⤵
        
        PID:18308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        5⤵
        
        PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        5⤵
        
        PID:13064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        5⤵
        
        PID:16404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        5⤵
        
        PID:15408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35248.exe
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48580.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
        5⤵
        
        PID:17936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8699.exe
        5⤵
        
        PID:17796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12571.exe
      4⤵
      PID:10952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12943.exe
      4⤵
      PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17258.exe
      4⤵
      PID:16828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
      4⤵
      PID:5572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47977.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
      4⤵
      PID:984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
        5⤵
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
        6⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62596.exe
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41111.exe
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe
        6⤵
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23993.exe
        6⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
        5⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        5⤵
        
        PID:15680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe
        5⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        5⤵
        
        PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32376.exe
      4⤵
      PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe
        5⤵
        
        PID:9664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        5⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        5⤵
        
        PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
      4⤵
      PID:8892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
      4⤵
      PID:11780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61049.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
      4⤵
      PID:5436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63229.exe
      4⤵
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        5⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
        5⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        5⤵
        
        PID:14268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        5⤵
        
        PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43576.exe
      4⤵
      PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
      4⤵
      PID:9744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
      4⤵
      PID:7884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25643.exe
      4⤵
      PID:16028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39336.exe
      4⤵
      PID:18048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe
    3⤵
    PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
      4⤵
      PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28466.exe
        5⤵
        
        PID:12708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
        5⤵
        
        PID:16156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28905.exe
        5⤵
        
        PID:17928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3053.exe
        5⤵
        
        PID:17724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28724.exe
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46731.exe
      4⤵
      PID:12856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34309.exe
      4⤵
      PID:15948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
      4⤵
      PID:17484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
    3⤵
    PID:7824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8545.exe
    3⤵
    PID:8340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
    3⤵
    PID:13540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47939.exe
    3⤵
    PID:16800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3945.exe
    3⤵
    PID:5388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42046.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52388.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42124.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3971.exe
        8⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49689.exe
        8⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
        8⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        8⤵
        
        PID:17612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
        7⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
        7⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        7⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        7⤵
        
        PID:17064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42870.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30962.exe
        7⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        8⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        8⤵
        
        PID:15552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
        8⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        7⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
        7⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
        7⤵
        
        PID:18140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        6⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
        7⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21490.exe
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9997.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        6⤵
        
        PID:15732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe
        6⤵
        
        PID:17480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        7⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        8⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63799.exe
        8⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        7⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
        7⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        7⤵
        
        PID:18144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        6⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9363.exe
        6⤵
        
        PID:14352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36655.exe
        6⤵
        
        PID:16416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36783.exe
        6⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53712.exe
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62574.exe
        6⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13203.exe
        6⤵
        
        PID:16816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
        5⤵
        
        PID:6388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 468
        6⤵
        Program crash
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        5⤵
        
        PID:13792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        5⤵
        
        PID:16596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46275.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59664.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18523.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe
        8⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41023.exe
        8⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        8⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
        8⤵
        
        PID:17128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
        8⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
        7⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22191.exe
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
        7⤵
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3971.exe
        7⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43467.exe
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32306.exe
        7⤵
        
        PID:14756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        7⤵
        
        PID:17680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39388.exe
        6⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        6⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17476.exe
        6⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25299.exe
        5⤵
        Executes dropped EXE
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
        6⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
        7⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        7⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16326.exe
        7⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43589.exe
        7⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
        6⤵
        
        PID:11032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        6⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
        6⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
        6⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32306.exe
        6⤵
        
        PID:14740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49676.exe
        6⤵
        
        PID:17628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9866.exe
        5⤵
        
        PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-319.exe
        5⤵
        
        PID:10548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6721.exe
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1306.exe
        5⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        5⤵
        
        PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50313.exe
        7⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13265.exe
        7⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
        7⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
        7⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        7⤵
        
        PID:17688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        6⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18662.exe
        6⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25643.exe
        6⤵
        
        PID:15388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39336.exe
        6⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41023.exe
        6⤵
        
        PID:10752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        6⤵
        
        PID:13468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
        6⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
        6⤵
        
        PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16829.exe
        5⤵
        
        PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12191.exe
        5⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-698.exe
        5⤵
        
        PID:14340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        5⤵
        
        PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64443.exe
      4⤵
      PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        6⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13011.exe
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        6⤵
        
        PID:14264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        6⤵
        
        PID:16756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        6⤵
        
        PID:17856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48595.exe
        5⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
        5⤵
        
        PID:11416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
        5⤵
        
        PID:15136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
        5⤵
        
        PID:17996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50983.exe
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65170.exe
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41023.exe
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        5⤵
        
        PID:13328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
        5⤵
        
        PID:17100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36783.exe
        5⤵
        
        PID:17184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31235.exe
      4⤵
      PID:7860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
      4⤵
      PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
      4⤵
      PID:14480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
      4⤵
      PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43435.exe
      4⤵
      PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31714.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50162.exe
        6⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59388.exe
        7⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        7⤵
        
        PID:18060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30726.exe
        6⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        6⤵
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
        6⤵
        
        PID:18036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        6⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        6⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39930.exe
        6⤵
        
        PID:13384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
        6⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        6⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1592.exe
        6⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
        5⤵
        
        PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        5⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47618.exe
        5⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        5⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        5⤵
        
        PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11786.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23074.exe
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55995.exe
        6⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        6⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
        6⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        6⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55680.exe
        6⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        6⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43576.exe
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59353.exe
        6⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        6⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
        5⤵
        
        PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
        5⤵
        
        PID:14276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
        5⤵
        
        PID:17404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        5⤵
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63045.exe
        5⤵
        
        PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
        5⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
        5⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34309.exe
        5⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        5⤵
        
        PID:18044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
      4⤵
      PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
      4⤵
      PID:10220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
      4⤵
      PID:13628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
      4⤵
      PID:16772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
      4⤵
      PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        6⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40914.exe
        6⤵
        
        PID:10380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        6⤵
        
        PID:14144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        6⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        6⤵
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17592.exe
        5⤵
        
        PID:11772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22275.exe
        5⤵
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
        5⤵
        
        PID:17944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56286.exe
        5⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        5⤵
        
        PID:15464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
        5⤵
        
        PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
      4⤵
      PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26250.exe
      4⤵
      PID:11812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe
      4⤵
      PID:15936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
      4⤵
      PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26983.exe
      4⤵
      PID:5948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18065.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23074.exe
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55227.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
        6⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        6⤵
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2098.exe
        6⤵
        
        PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11044.exe
        5⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29050.exe
        5⤵
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39379.exe
        5⤵
        
        PID:15724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        5⤵
        
        PID:17856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
        5⤵
        
        PID:17972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
        5⤵
        
        PID:6988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45367.exe
      4⤵
      PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
        5⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46613.exe
        5⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52856.exe
        5⤵
        
        PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37682.exe
      4⤵
      PID:10344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
      4⤵
      PID:13928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
      4⤵
      PID:16400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
      4⤵
      PID:5640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
    3⤵
    PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
      4⤵
      PID:6228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 632
        5⤵
        Program crash
        
        PID:12520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1698.exe
      4⤵
      PID:9160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13098.exe
      4⤵
      PID:12748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
      4⤵
      PID:16124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55680.exe
      4⤵
      PID:17760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe
      4⤵
      PID:7144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
    3⤵
    PID:6748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
    3⤵
    PID:9276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
    3⤵
    PID:13100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
    3⤵
    PID:3100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
    3⤵
    PID:1292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6140.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39244.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
        6⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37236.exe
        8⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        8⤵
        
        PID:15076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        8⤵
        
        PID:18016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
        7⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        7⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
        7⤵
        
        PID:16588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe
        6⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        7⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        7⤵
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
        7⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        7⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3940.exe
        6⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
        6⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31220.exe
        5⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
        6⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
        7⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59388.exe
        7⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        7⤵
        
        PID:18068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11153.exe
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44318.exe
        6⤵
        
        PID:11636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4184.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe
        6⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
        6⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        6⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        6⤵
        
        PID:16632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29275.exe
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50530.exe
        5⤵
        
        PID:13780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5452.exe
        5⤵
        
        PID:16708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        5⤵
        
        PID:6392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44075.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
        5⤵
        
        PID:324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
        7⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        7⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        7⤵
        
        PID:17072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34.exe
        7⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
        6⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17592.exe
        6⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22275.exe
        6⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        6⤵
        
        PID:18172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58304.exe
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        6⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        6⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        5⤵
        
        PID:13804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        5⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        5⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exe
        5⤵
        
        PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
      4⤵
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48128.exe
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
        6⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        6⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        6⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        6⤵
        
        PID:17068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        6⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55506.exe
        5⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe
        5⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
        5⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
        5⤵
        
        PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
      4⤵
      PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
      4⤵
      PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
      4⤵
      PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12219.exe
      4⤵
      PID:13996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46334.exe
      4⤵
      PID:2500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45632.exe
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        6⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25726.exe
        7⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26793.exe
        7⤵
        
        PID:18404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        6⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46073.exe
        6⤵
        
        PID:14132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20765.exe
        6⤵
        
        PID:17392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        6⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
        6⤵
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9960.exe
        6⤵
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13679.exe
        5⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32934.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57398.exe
        5⤵
        
        PID:15056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34605.exe
        6⤵
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        6⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
        6⤵
        
        PID:18288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        5⤵
        
        PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
        5⤵
        
        PID:12336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
        5⤵
        
        PID:16212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        5⤵
        
        PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48267.exe
      4⤵
      PID:7060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe
      4⤵
      PID:9600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62898.exe
      4⤵
      PID:12448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
      4⤵
      PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
      4⤵
      PID:17032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41858.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
      4⤵
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
        5⤵
        
        PID:6220
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 720
        6⤵
        Program crash
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        5⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
        5⤵
        
        PID:16344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        5⤵
        
        PID:6968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47966.exe
      4⤵
      PID:7952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
      4⤵
      PID:10104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31185.exe
      4⤵
      PID:13820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
      4⤵
      PID:16572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
    3⤵
    PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe
      4⤵
      PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        5⤵
        
        PID:16788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
      4⤵
      PID:9144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
      4⤵
      PID:12920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
      4⤵
      PID:15496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
      4⤵
      PID:5412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
    3⤵
    PID:6940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
    3⤵
    PID:9364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49038.exe
    3⤵
    PID:13152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36931.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36931.exe
    3⤵
    PID:15652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8600.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56073.exe
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        6⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25830.exe
        6⤵
        
        PID:17936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        5⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11370.exe
        5⤵
        
        PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
        5⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
        5⤵
        
        PID:17812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47339.exe
      4⤵
      PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
        5⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        5⤵
        
        PID:676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        5⤵
        
        PID:17060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34.exe
        5⤵
        
        PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62714.exe
      4⤵
      PID:8344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
      4⤵
      PID:11568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
      4⤵
      PID:15300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57536.exe
      4⤵
      PID:18236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44380.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
        5⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
        6⤵
        
        PID:12508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
        6⤵
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
        6⤵
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        5⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
        5⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        5⤵
        
        PID:15576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
      4⤵
      PID:6904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20394.exe
      4⤵
      PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
      4⤵
      PID:12372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
      4⤵
      PID:640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
    3⤵
    PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
      4⤵
      PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
      4⤵
      PID:10572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
      4⤵
      PID:14196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63795.exe
      4⤵
      PID:17088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43589.exe
      4⤵
      PID:6724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20251.exe
    3⤵
    PID:7980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
    3⤵
    PID:11244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60050.exe
    3⤵
    PID:14464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
    3⤵
    PID:2092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3338.exe
      4⤵
      PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55227.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        6⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51221.exe
        6⤵
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
        6⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
        6⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21459.exe
        5⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44318.exe
        5⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        5⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51321.exe
        5⤵
        
        PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6280.exe
      4⤵
      PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11055.exe
        5⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe
        5⤵
        
        PID:17940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
      4⤵
      PID:9336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57173.exe
      4⤵
      PID:13176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
      4⤵
      PID:15632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22588.exe
      4⤵
      PID:6900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
    3⤵
    PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
      4⤵
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28409.exe
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31288.exe
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        5⤵
        
        PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63612.exe
      4⤵
      PID:9568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13400.exe
      4⤵
      PID:13728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
      4⤵
      PID:17132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30861.exe
    3⤵
    PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
      4⤵
      PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55767.exe
      4⤵
      PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30877.exe
      4⤵
      PID:17444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe
    3⤵
    PID:9656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62898.exe
    3⤵
    PID:12404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
    3⤵
    PID:16144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2102.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2102.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
    3⤵
    PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
        5⤵
        
        PID:7512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
        5⤵
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8564.exe
        5⤵
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39505.exe
        5⤵
        
        PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52871.exe
      4⤵
      PID:8608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
      4⤵
      PID:11864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
      4⤵
      PID:14708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15633.exe
      4⤵
      PID:18248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
    3⤵
    PID:6288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
    3⤵
    PID:10200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
    3⤵
    PID:13848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
    3⤵
    PID:16612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
  2⤵
  PID:5684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-619.exe
    3⤵
    PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
      4⤵
      PID:17608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31258.exe
      4⤵
      PID:7864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
    3⤵
    PID:10172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
    3⤵
    PID:12656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
    3⤵
    PID:16600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
  2⤵
  PID:6980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51772.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51772.exe
  2⤵
  PID:10944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
  2⤵
  PID:13952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe
  2⤵
  PID:17348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6616 -ip 6616
1⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6388 -ip 6388
1⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6220 -ip 6220
1⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5368 -ip 5368
1⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 7688 -ip 7688
1⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6228 -ip 6228
1⤵
PID:12460

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
PID:1628

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
PID:17704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10.exe

Filesize
184KB

MD5
d38fca1ba989d97c82ab7c5808b9fe07

SHA1
197c3a1ee9081d180376d640df8a2d65aaa7b027

SHA256
967595dedb95da8225ad20f3560fe2d6f87822e5a483b90e0829fac29b690d89

SHA512
dccdcfec8412c833b65e8dcd21f817f940342f5c6c6deda43ab187260196323cd6441d3f34e6c214ed509e7b988d4e0a4c75156cf5427e4f8082c9dee1431739

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe

Filesize
184KB

MD5
52b030c9dd41de50a0dd0fc2307f44e3

SHA1
5ba6eecca0297235de6a49b38f50a7b7df7d6319

SHA256
5148a56fdcf01a6681b781a7f9b05a5568447e502e514a82841f0dc98b8dcb35

SHA512
3009a7ab9f20c9cdafabb6dcb04c999bddbd0f85c0fcf06de22fce88f01e5c9f3b1bfcadf6d68dd8e38b42164210d1ec90a8b799d0fe9e71c4cc15ec60192cfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe

Filesize
184KB

MD5
a4dd9545cbb690875ed92c5eedfc8a12

SHA1
a8909d295f1f42b575cb10d49d1c5714e1bc4a52

SHA256
6a02b76eb4554715b60e76296ef04ed0989acf353163cc3e626cbc9eb55cc45a

SHA512
63e323e2dc07e7c8af30cd4877216bef291877e474b12604f1c29c248deeb79467029fe8a6488ef09a6c31da4f41d3bd16e4602381799577bbccebf22e55705a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe

Filesize
184KB

MD5
2c9d23c2538453c235a91c41e59bae38

SHA1
99509a263842d8347437bc6a13797d335da0586e

SHA256
edcd3b77f43ecfcbac9c95c67d20887586ae280d31fc149ac2216b9a63d322c6

SHA512
d25fd766ba58156b28bc1c96796fab1db53f4a0302299b7b56bd1989dc0ca374893c1da02adb92418a068793a6bec73501ff3d6ff1f75a81bc913b17428ee403

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe

Filesize
184KB

MD5
a420c2e8dd7eba082c13a0e60f95c4a1

SHA1
d62cbf9c9babcec5f7e82963bd96b1fdae3ca1f2

SHA256
5a69426cc3db4fd4d987b6178437d7c76b4602e5da33786a1d2f7e3c10a6448d

SHA512
90b5f0f58f13b42fb1f361a0b71da82fc8947989254c84820206b7fece1cf80d5369e11b53aa1f9a786fe8621c859ee9716eb2284ebd443bc6ed76b5d2250121

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe

Filesize
184KB

MD5
0cd9393247ed91bea75b526768d21777

SHA1
6706770a3c518c071bfc94da7cdd219e5c21a333

SHA256
b06f06196e866cbefbf6987fd2572e240a5ecc393841bca38b6372d6417f024d

SHA512
e5163e255c01089d8a5e1a9e07f727cb63116be51751bcc2e282b95b00e024609a744230876add063c6fbf395dc73c5548390054e118f91f31505590da577f61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe

Filesize
184KB

MD5
76336ac7ad83ee4a768ac8d77c1384ee

SHA1
ed63e35e9ed12d572ba20693d806af53e487fac2

SHA256
ab322bcb038b002073edc209875d690d772a0e232d5bfe9f4884af1555b6041c

SHA512
f42fd7b91bc9d495c9c37c0e15cff6edfaacbd9cefbd73b753259521e8a962407daaf6c318ea1b89e03cf5d3548a32d3d15b5a9193eedc1e49d97e429e3bda2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe

Filesize
184KB

MD5
edd547eb66ba2a3f47601034fbcc1390

SHA1
3c2095e1d23a8820730c876e084870a8224d7d06

SHA256
222a80769e016e6e850383c8828707fdc700f13d14674890c241e7624569bb98

SHA512
6d42fdfc9c9ce57e6804b519f70a0562fe37951d95065bd91b05df744ab7a8e8473b8defc5a27bcd07a6aa94c9bb362969a1b7f2a020aa29c4e437289258922b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe

Filesize
184KB

MD5
4e7d677fc9a124221aca02e0c3dcf3d4

SHA1
9ec3e96b03dfb8c382c3a7ce0352ad9fbcd62bca

SHA256
10a14d3f29466ede7bab18d85d1becfcabaf5ebf06bacb0b08a412818aa78518

SHA512
d608d533bb87e945a0133c465e1e241887b8d21655a83c35d7c7535e89ca80bc91bd2d191cc44f23b06aa6365ca221dbdd6e6afd9e17ef0f104c48296d40bc56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25108.exe

Filesize
184KB

MD5
041a98ee26dee85279d465a052f778dc

SHA1
e97ab502e469bd3777fbf3919e22b91c8d4fccfd

SHA256
f0551db708d0079f99a201f21fd16d9a2eb25f5b4d1a87d377e8e1ecead6a719

SHA512
9c02037366a91f69bd8a0acb3d76adc5261bddcf88afe368f575bad43cd5568657575b10286f7bb6b3cc6e90701a1c895d28b90db0578f9d373a98532f03df0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe

Filesize
184KB

MD5
2bd3186bb7ed0b9c257f88a682e91cb0

SHA1
55a3750f217edbcb5af4093bde928d7a8a4b796a

SHA256
12616b3976749f3e9900cb87668ec00444c4cce90d7ea18eea17d8b2f551aa40

SHA512
c874910e3dddf7b55b46a6248da84bc4a77a48a8f28755abee0b46fbeaabc4b4c9ca9b9331696b420bdfaae4d9c6bc7377c0af8f8153fbe32164f25703e7e8e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe

Filesize
184KB

MD5
5c865b2146fe75184b850b2c4386a608

SHA1
53e807315af92c76e6e471d332a91def70f30f09

SHA256
e0833e8ee25bc8e1c842fff4c26858efae5cc2fdfcf56ea372a54512055a79eb

SHA512
8a4d2708ff2d74f8114a8a343db99bcbc399447271b8ac24a00cc300cd383e2c2977273b6a6dfa57c063da581459dd0b39af62bf0cbc4929aee65de4648eddd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31714.exe

Filesize
184KB

MD5
2ff16c8b86f18b12a67570e9350d0643

SHA1
3509db349894b69a81e7ec24e7e31614191eae4e

SHA256
50f22125bda1f1caa83a7ac5d07d829d486af7dc4a6c218a3b47f0a876b86cf4

SHA512
5eb11f47d2ef77e32980e945733f7fa7bd4b283ccd4a81eb763b78c4b2e6b154fd8f6a47ebcb75dd3479655ba12073807da194c3fd87c27effb198613d74e761

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe

Filesize
184KB

MD5
6a1cb0b9ddb60333619e1503b2abb61f

SHA1
b0e91928c5d693e69d81b24b7ae16469eb9e4b4c

SHA256
877643fe8ed403fe1cf30e2017581c9b50e7ff7a1f51e0c2d3e1839027c3c277

SHA512
e50d98a168fd0f41ff8344f69d3b8175df6fed3605688e2aceaf5c2a89ac938c983adc79507494bea509b7f8a51d76c2bac72b17c0396d5357cc1a631465188e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe

Filesize
184KB

MD5
c6ae169883fe607c1e03b678bbc36778

SHA1
faa8e274f6f7936edf7f15829d22cda933a6c10f

SHA256
72b645511043dc4b3ff9568fcb0f930578f200ce9fbc8cb5a1bdf6607431ca34

SHA512
b6d85b5287e76c360ed9b9b78ffe78d896d7c9556674a6736e7569123a14aac30a0cf1f242be083bc37fdf47c5e0b768bf3588116ade8a693207257c7b902507

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42046.exe

Filesize
184KB

MD5
352a94ba10bdba0cc766aab8aaa14523

SHA1
510adaea55c06faa0a453bb3af33efe016b86390

SHA256
0038634486f6bdd693229e8a9f32fe8dace673f4a10b2a5d12fca2e636034c96

SHA512
3a1cf373338f1f18372724d1bb873d02b617a9c997b43592a74ca244f5d56a80e2363a102f494593eab6a2b5639d3e5854ed3ba07cfc373087a54b365d5cb1a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe

Filesize
184KB

MD5
64a138ac67cdc83cbdbb43f30abe618e

SHA1
38e5fb4c786b48358009c621c77f50038083967e

SHA256
db1787b482722e96db9b9c84a0f14fc440305d9d79473234ac3429ec48eea83e

SHA512
85a62b30c100890f24af8f0f7da4eb188bf4d7be299f369f2daf8e585e60919b90337700b301154381faef8ed483a038ae66482f57857f58cc3d93b617fd7f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe

Filesize
184KB

MD5
d033f744e4def38b51673a37c9aebc84

SHA1
c801b8c9d890d32a80f9876f39120baeff8473c7

SHA256
4cee54a0b36ca899c61f9b15f37d5f0a385ce88ffe85df8d7f27786e5da60838

SHA512
a800900c74c7b6ef51f81532a6f749faef7166572af32fb1c11742b65bcc90f0ac44fbccdebe6fcf6b16094b475c8809da54a61ddebf3888cd6f2c51684746f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46275.exe

Filesize
184KB

MD5
ec48868cb08ba83cecdd8b6502f5f5e5

SHA1
d0bfcc04d99dc58e74e52952af09b061360133e1

SHA256
75dc78c4b9ae2c9f8cdbeceb8bd89f36c157fd13972aa35bf52c59e7753fcf53

SHA512
26843605160aab0220e37b0f2ebef8357319fb6ee316fbc6300ec23476a5fec597709380998aa548f28dbd6d4eeb0afdffaf884bae4c78941f33e971d0c19c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47977.exe

Filesize
184KB

MD5
cf87a153d95fc76885367210c856ccf4

SHA1
01ff4c6d98355993ce21ca8ab9a04e84b7769bff

SHA256
a372d2b97023d61a41912b8e7324fe15ff04325cf6ed6142281d4c0f706a0e9b

SHA512
d5125a784ca96ad4c9b81c694cdf5bd612bb2da49d488219bc23c5971955d5b52f096bd4bddb36cc619be0c84c29b27b2008c89e38a528ec265c353a12270122

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe

Filesize
184KB

MD5
a9607df83a6cc63af560e3cfcfeffd8d

SHA1
8613deaf82ffc219aaa3a8c6fb806a8184ded231

SHA256
6ea5bce428a89f218e20a762344dac5f9014f4be65f0ad98f133491850bf913a

SHA512
aa90a85e038e6601d28875b19c016834bc2b4f518f814a6617f191b3a5bfbdda334c90ba5cd6052cb55f786f89f988fece9966bed0751be4071a654859c50720

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe

Filesize
184KB

MD5
84138600edca467c573a316d9be41bfe

SHA1
82055ac79011c043c7e859d2b030ae4c522e93a6

SHA256
9e96fd650fc292c92ce8dd2d32fa47c8915f498581941fabf59b0781e51e8b49

SHA512
4092fac7fcbeee561601b46e01c8570e860104f921cf4f0eca5aaa046d46c0b39d9ddc4ff3a001a8049a54ae45023bb35ad186865e48f5dee8f0f6b8bd48155b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52388.exe

Filesize
184KB

MD5
10c10e21e2c10d8fb4d32915177074aa

SHA1
3a39e6fbecfe9b7f946d33a49a1e32d363bb2d39

SHA256
d692a20ec3e897ba4a9e180663a66e9409a23fa3200bf644b38129c24fbcbd47

SHA512
089e8f80ed95658516ecb4dda8cb6ffb4982466c55298a30898bfaa61b9381c8611476712ff589e84f5f43b1919a1ea2e5b31de8742570a79f0461825d36a03c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55284.exe

Filesize
184KB

MD5
5e2bc16d65d108df1d49053787046529

SHA1
fb6489e703378b395b6392a7af3c92c0985de4d1

SHA256
71700354fa6d0676fd9aa9b911c4b72feb550ce4252888cb028848f2891121eb

SHA512
11f87acb08cffbbac28407e3814413be24097ca5ec69c1382436ab704e0d77320b2c9700dc478fbfddf200abdb45c8ffc900ac4a26e05a57978f2c8e437b1cca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe

Filesize
184KB

MD5
6915a28b1424e63ba01d2514dd1e6947

SHA1
92d089b323292955199b7b3be1a7619eddee1bfe

SHA256
3229afc82e0c8d339452ec0cb4f0c097bd4c0213aecd98512555be9d87adeeeb

SHA512
73a804b1a132a28f629efb4cee19461679c4bd37c181521be666829709ea79d551a6bcb83bc5cc296f8c9f8ad15e2a0a117e18fe07c935fed3168bc5fa12be81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59664.exe

Filesize
184KB

MD5
b846d467f587374d91be44ccb069d063

SHA1
8b4add0c2e416f209679b9298ca8e5a341ad1e9e

SHA256
058081bcbc7c68faf546e34f74ff0cf7fc605f6c00e65dd8cc84354187e32b63

SHA512
6fbdc45cb99c36da1736c71cfeffcff77743dc0437d46a20833cb8928c97ca5355f8f20cfcae4e0a520de9cd1d89ac3a65a2df84595aef46a644af0be5b0473b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6140.exe

Filesize
184KB

MD5
b983ea892f432a642c96d010b657e78e

SHA1
8ef09ca73dcdbe8d4888d1f2935553bb47337682

SHA256
2a8f79fa680fa975c935772bb9da579fdfd08e28a36370f0cd77a6874ffb2654

SHA512
a5a6a977e14162f2d89e074a7be6fa9677de6e37ec5c1f9fd0b28a94a0668435649d27cb3c38d86711bf49302b1ddc103751580273ae991f0c1b93ed0975097e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62611.exe

Filesize
184KB

MD5
140b22d2afc0285b2aebc74c4eaeb85f

SHA1
50d577799c5ba65876e3d8579320754d17751501

SHA256
d5b67aec743b70ed3b82fd357f72b7a6765f7b99fb6337590bd38b975a9078e6

SHA512
33eae2249c0b5dc280f6310e34e67273c16ee628265e72ad142780a77a87c28b7537593ce1c0bf2c0c4a66d73f2279c5c46c69ae51ab16e57858177799269c12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe

Filesize
184KB

MD5
41f50253ba941f52593f3da56f0a2ef8

SHA1
229de5000727407f2cd3680c1e5097ae84e592cc

SHA256
0b7d522cd718c0a84c18bc5b88dfdda6c69d7dcbb4dbadb1ce3cccf6e2c5995b

SHA512
546b13fefa10519c89b6a6e8cd4285c5cd8f9b3b5cde96f0dc4faa469d12d32f68a56f1cee5783cacdaa7033dbaac2a68742081d72ba9aea7773eac637cdc507

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe

Filesize
184KB

MD5
f348ebbdd431a27f26cdf6e9f1d30549

SHA1
a3e4ca8bf9dda07dc7f24505ccb62ae43d0b2381

SHA256
fa48110f269de40b9bd46d02029779f04519083fabe1192836ca74bc235ba5c9

SHA512
9789e09130ed07f61b3b5af89a8b757c80dcb445e9a4492c145239c664fa7f2daa4fbb80ea386ab9f13a8d4f63b33574ab29277ca72aacaa66291aa01858dd50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe

Filesize
184KB

MD5
e752f43d7e917be0aed83eaae3388ed2

SHA1
64958f221ebe56719d34ae3c852467d3c1a803fd

SHA256
b1dfae8698ba89824dcbc62a1ae8b3b6334adb053dd18f44b9f7552aed3f3220

SHA512
d56ea502167f0deddc634273a95e6af93380e97889f0c18818814f8e62d021f4c3d4aa74e69adcd849d9686e096a338b5754ee3292b65c36bc8a88ed3b47e1df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe

Filesize
184KB

MD5
277e587df8031b229118ed08704e0fee

SHA1
692eaafabbe99a07b02dba834b6639d5d5954e2c

SHA256
1c5685c960d64b0db5826f2ef13da2f69964fb31190d941dd4e0c4ad974265e0

SHA512
bfd874648f954d794648e0a3da33b92b189d1cef39ec93a4452d6023970b44a5e98908dce5b58483176f389cea226b20da4fe367ff926ee4c5df22abe75c7e45

Download Submit
memory/5160-2995-0x00007FFD28A40000-0x00007FFD28AC3000-memory.dmp

Filesize
524KB

Download
memory/5916-3216-0x0000000077920000-0x000000007792A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads