7045199ac1bdf20e7923db470068e57f0bb3d6a5e78ad5c3f7dfcc0395ad5316

Analysis

max time kernel
115s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9076d61a486ce182f8a6bb5fff047c0N.exe
Size

468KB
MD5

c9076d61a486ce182f8a6bb5fff047c0
SHA1

301fd77f9fc91037b266c87c8c9dd16f88b75640
SHA256

7045199ac1bdf20e7923db470068e57f0bb3d6a5e78ad5c3f7dfcc0395ad5316
SHA512

6c9c399eb78dec4f7984caa5c048f316db4f5ab9bb13131dcb1ef8e51a7a593da306ebca48db1cf0f631aec555a13f12f6049e8213dd80455aeca3edae85895b
SSDEEP

3072:1GDeoEIKq05UDbYpH5cOcf8/zChsP0pwnLHewVPPlPH+2SVsvQle:1Gqo98UDuHSOcfYYxslPeFVsv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2724	Unicorn-18139.exe
3536	Unicorn-4298.exe
1624	Unicorn-41801.exe
4552	Unicorn-15887.exe
1616	Unicorn-33876.exe
4856	Unicorn-24225.exe
748	Unicorn-2409.exe
732	Unicorn-18767.exe
416	Unicorn-43655.exe
1844	Unicorn-14609.exe
4044	Unicorn-8744.exe
4816	Unicorn-60546.exe
2552	Unicorn-28087.exe
3096	Unicorn-17872.exe
5096	Unicorn-26093.exe
3696	Unicorn-8626.exe
656	Unicorn-6213.exe
2728	Unicorn-34439.exe
5060	Unicorn-26271.exe
3900	Unicorn-65065.exe
3708	Unicorn-50013.exe
2892	Unicorn-5393.exe
2812	Unicorn-51330.exe
876	Unicorn-5658.exe
4308	Unicorn-5658.exe
4928	Unicorn-43951.exe
2080	Unicorn-60287.exe
1960	Unicorn-52674.exe
1356	Unicorn-18989.exe
1512	Unicorn-33352.exe
4372	Unicorn-39483.exe
4116	Unicorn-40251.exe
4408	Unicorn-35273.exe
1248	Unicorn-25621.exe
2260	Unicorn-562.exe
5100	Unicorn-12985.exe
2368	Unicorn-20599.exe
1160	Unicorn-20599.exe
4768	Unicorn-33738.exe
4752	Unicorn-45293.exe
4920	Unicorn-21559.exe
4272	Unicorn-34195.exe
3440	Unicorn-34195.exe
3520	Unicorn-34195.exe
4804	Unicorn-34749.exe
4084	Unicorn-54615.exe
700	Unicorn-30281.exe
3236	Unicorn-62954.exe
3800	Unicorn-24556.exe
1704	Unicorn-1144.exe
2292	Unicorn-63359.exe
2968	Unicorn-30879.exe
3968	Unicorn-4136.exe
2116	Unicorn-1833.exe
4984	Unicorn-22689.exe
4700	Unicorn-1522.exe
2592	Unicorn-21943.exe
644	Unicorn-47386.exe
4844	Unicorn-1714.exe
4420	Unicorn-17288.exe
2976	Unicorn-11589.exe
4332	Unicorn-55959.exe
1924	Unicorn-44262.exe
5032	Unicorn-44262.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
6352	4408	WerFault.exe	128
8176	2696	WerFault.exe	161
10080	6980	WerFault.exe	256
12260	5864	WerFault.exe	204
12116	6972	WerFault.exe	255
5268	6036	WerFault.exe	226

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3712	c9076d61a486ce182f8a6bb5fff047c0N.exe
2724	Unicorn-18139.exe
3536	Unicorn-4298.exe
1624	Unicorn-41801.exe
4552	Unicorn-15887.exe
1616	Unicorn-33876.exe
4856	Unicorn-24225.exe
748	Unicorn-2409.exe
732	Unicorn-18767.exe
416	Unicorn-43655.exe
4816	Unicorn-60546.exe
1844	Unicorn-14609.exe
4044	Unicorn-8744.exe
2552	Unicorn-28087.exe
3096	Unicorn-17872.exe
5096	Unicorn-26093.exe
3696	Unicorn-8626.exe
656	Unicorn-6213.exe
2728	Unicorn-34439.exe
4308	Unicorn-5658.exe
2892	Unicorn-5393.exe
3708	Unicorn-50013.exe
876	Unicorn-5658.exe
5060	Unicorn-26271.exe
3900	Unicorn-65065.exe
2812	Unicorn-51330.exe
1356	Unicorn-18989.exe
4928	Unicorn-43951.exe
1960	Unicorn-52674.exe
2080	Unicorn-60287.exe
1512	Unicorn-33352.exe
4372	Unicorn-39483.exe
4116	Unicorn-40251.exe
4408	Unicorn-35273.exe
1248	Unicorn-25621.exe
2260	Unicorn-562.exe
5100	Unicorn-12985.exe
2368	Unicorn-20599.exe
1160	Unicorn-20599.exe
4768	Unicorn-33738.exe
4752	Unicorn-45293.exe
3440	Unicorn-34195.exe
4272	Unicorn-34195.exe
4084	Unicorn-54615.exe
4804	Unicorn-34749.exe
3520	Unicorn-34195.exe
4920	Unicorn-21559.exe
700	Unicorn-30281.exe
3236	Unicorn-62954.exe
3800	Unicorn-24556.exe
1704	Unicorn-1144.exe
2292	Unicorn-63359.exe
2968	Unicorn-30879.exe
3968	Unicorn-4136.exe
2592	Unicorn-21943.exe
4700	Unicorn-1522.exe
2116	Unicorn-1833.exe
4984	Unicorn-22689.exe
644	Unicorn-47386.exe
4844	Unicorn-1714.exe
4420	Unicorn-17288.exe
2976	Unicorn-11589.exe
4332	Unicorn-55959.exe
1924	Unicorn-44262.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3712 wrote to memory of 2724	3712	c9076d61a486ce182f8a6bb5fff047c0N.exe	91
PID 3712 wrote to memory of 2724	3712	c9076d61a486ce182f8a6bb5fff047c0N.exe	91
PID 3712 wrote to memory of 2724	3712	c9076d61a486ce182f8a6bb5fff047c0N.exe	91
PID 2724 wrote to memory of 3536	2724	Unicorn-18139.exe	95
PID 2724 wrote to memory of 3536	2724	Unicorn-18139.exe	95
PID 2724 wrote to memory of 3536	2724	Unicorn-18139.exe	95
PID 3712 wrote to memory of 1624	3712	c9076d61a486ce182f8a6bb5fff047c0N.exe	94
PID 3712 wrote to memory of 1624	3712	c9076d61a486ce182f8a6bb5fff047c0N.exe	94
PID 3712 wrote to memory of 1624	3712	c9076d61a486ce182f8a6bb5fff047c0N.exe	94
PID 1624 wrote to memory of 4552	1624	Unicorn-41801.exe	99
PID 1624 wrote to memory of 4552	1624	Unicorn-41801.exe	99
PID 1624 wrote to memory of 4552	1624	Unicorn-41801.exe	99
PID 3712 wrote to memory of 1616	3712	c9076d61a486ce182f8a6bb5fff047c0N.exe	100
PID 3712 wrote to memory of 1616	3712	c9076d61a486ce182f8a6bb5fff047c0N.exe	100
PID 3712 wrote to memory of 1616	3712	c9076d61a486ce182f8a6bb5fff047c0N.exe	100
PID 2724 wrote to memory of 4856	2724	Unicorn-18139.exe	101
PID 2724 wrote to memory of 4856	2724	Unicorn-18139.exe	101
PID 2724 wrote to memory of 4856	2724	Unicorn-18139.exe	101
PID 3536 wrote to memory of 748	3536	Unicorn-4298.exe	102
PID 3536 wrote to memory of 748	3536	Unicorn-4298.exe	102
PID 3536 wrote to memory of 748	3536	Unicorn-4298.exe	102
PID 4552 wrote to memory of 732	4552	Unicorn-15887.exe	103
PID 4552 wrote to memory of 732	4552	Unicorn-15887.exe	103
PID 4552 wrote to memory of 732	4552	Unicorn-15887.exe	103
PID 4856 wrote to memory of 416	4856	Unicorn-24225.exe	104
PID 4856 wrote to memory of 416	4856	Unicorn-24225.exe	104
PID 4856 wrote to memory of 416	4856	Unicorn-24225.exe	104
PID 3712 wrote to memory of 1844	3712	c9076d61a486ce182f8a6bb5fff047c0N.exe	105
PID 3712 wrote to memory of 1844	3712	c9076d61a486ce182f8a6bb5fff047c0N.exe	105
PID 3712 wrote to memory of 1844	3712	c9076d61a486ce182f8a6bb5fff047c0N.exe	105
PID 2724 wrote to memory of 4044	2724	Unicorn-18139.exe	106
PID 2724 wrote to memory of 4044	2724	Unicorn-18139.exe	106
PID 2724 wrote to memory of 4044	2724	Unicorn-18139.exe	106
PID 1624 wrote to memory of 4816	1624	Unicorn-41801.exe	107
PID 1624 wrote to memory of 4816	1624	Unicorn-41801.exe	107
PID 1624 wrote to memory of 4816	1624	Unicorn-41801.exe	107
PID 748 wrote to memory of 2552	748	Unicorn-2409.exe	108
PID 748 wrote to memory of 2552	748	Unicorn-2409.exe	108
PID 748 wrote to memory of 2552	748	Unicorn-2409.exe	108
PID 3536 wrote to memory of 3096	3536	Unicorn-4298.exe	109
PID 3536 wrote to memory of 3096	3536	Unicorn-4298.exe	109
PID 3536 wrote to memory of 3096	3536	Unicorn-4298.exe	109
PID 1616 wrote to memory of 5096	1616	Unicorn-33876.exe	110
PID 1616 wrote to memory of 5096	1616	Unicorn-33876.exe	110
PID 1616 wrote to memory of 5096	1616	Unicorn-33876.exe	110
PID 732 wrote to memory of 3696	732	Unicorn-18767.exe	111
PID 732 wrote to memory of 3696	732	Unicorn-18767.exe	111
PID 732 wrote to memory of 3696	732	Unicorn-18767.exe	111
PID 4552 wrote to memory of 656	4552	Unicorn-15887.exe	112
PID 4552 wrote to memory of 656	4552	Unicorn-15887.exe	112
PID 4552 wrote to memory of 656	4552	Unicorn-15887.exe	112
PID 4044 wrote to memory of 2728	4044	Unicorn-8744.exe	113
PID 4044 wrote to memory of 2728	4044	Unicorn-8744.exe	113
PID 4044 wrote to memory of 2728	4044	Unicorn-8744.exe	113
PID 416 wrote to memory of 5060	416	Unicorn-43655.exe	114
PID 416 wrote to memory of 5060	416	Unicorn-43655.exe	114
PID 416 wrote to memory of 5060	416	Unicorn-43655.exe	114
PID 1624 wrote to memory of 3900	1624	Unicorn-41801.exe	115
PID 1624 wrote to memory of 3900	1624	Unicorn-41801.exe	115
PID 1624 wrote to memory of 3900	1624	Unicorn-41801.exe	115
PID 3712 wrote to memory of 3708	3712	c9076d61a486ce182f8a6bb5fff047c0N.exe	116
PID 3712 wrote to memory of 3708	3712	c9076d61a486ce182f8a6bb5fff047c0N.exe	116
PID 3712 wrote to memory of 3708	3712	c9076d61a486ce182f8a6bb5fff047c0N.exe	116
PID 2724 wrote to memory of 2892	2724	Unicorn-18139.exe	117

C:\Users\Admin\AppData\Local\Temp\c9076d61a486ce182f8a6bb5fff047c0N.exe
"C:\Users\Admin\AppData\Local\Temp\c9076d61a486ce182f8a6bb5fff047c0N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18139.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18139.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2409.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28087.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43951.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21943.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30791.exe
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        9⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        10⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        10⤵
        
        PID:15648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
        9⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe
        9⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        9⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58746.exe
        8⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        9⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43934.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1000.exe
        8⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25942.exe
        8⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        8⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29565.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        8⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
        8⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35673.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
        7⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe
        7⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
        7⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47386.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        8⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64338.exe
        8⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        8⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        8⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
        7⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19448.exe
        7⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33908.exe
        7⤵
        
        PID:15788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
        7⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        7⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
        7⤵
        
        PID:16512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
        6⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        6⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13097.exe
        6⤵
        
        PID:15740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52674.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59955.exe
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
        8⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        9⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        8⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        8⤵
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
        8⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        7⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        8⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        8⤵
        
        PID:16740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59501.exe
        8⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
        7⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        7⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22196.exe
        7⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        7⤵
        
        PID:16372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13472.exe
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        7⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51841.exe
        7⤵
        
        PID:15428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24412.exe
        7⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
        6⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        6⤵
        
        PID:12588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62457.exe
        6⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18923.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2062.exe
        7⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        8⤵
        
        PID:12424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        8⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        7⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        7⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41578.exe
        7⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33473.exe
        6⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        7⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        7⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38526.exe
        6⤵
        
        PID:11224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27904.exe
        6⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59882.exe
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        6⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
        7⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        7⤵
        
        PID:16568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58038.exe
        6⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        6⤵
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        6⤵
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
        5⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50949.exe
        6⤵
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60287.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56639.exe
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
        8⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15086.exe
        9⤵
        
        PID:16464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
        8⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57025.exe
        8⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50697.exe
        8⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59514.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        8⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        8⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43953.exe
        7⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40078.exe
        7⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
        7⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
        6⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        7⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5164.exe
        6⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        6⤵
        
        PID:11368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
        6⤵
        
        PID:16004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9234.exe
        6⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
        5⤵
        Executes dropped EXE
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe
        6⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30371.exe
        7⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6414.exe
        8⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        8⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59501.exe
        8⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        7⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57025.exe
        7⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        6⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
        7⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        7⤵
        
        PID:15436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43953.exe
        6⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40078.exe
        6⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28272.exe
        5⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        6⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        6⤵
        
        PID:16236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45778.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
        5⤵
        
        PID:12128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        5⤵
        
        PID:15392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39151.exe
        6⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55347.exe
        7⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        8⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        8⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        7⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        7⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        6⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33851.exe
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        7⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8593.exe
        6⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
        6⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9157.exe
        6⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
        5⤵
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        6⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21229.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28924.exe
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54749.exe
        5⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
        5⤵
        
        PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
        5⤵
        
        PID:16060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
        6⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
        7⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
        7⤵
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
        6⤵
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58038.exe
        6⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        6⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        5⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
        6⤵
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
        6⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14073.exe
        5⤵
        
        PID:13608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
        5⤵
        
        PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7629.exe
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2744.exe
        5⤵
        
        PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64923.exe
      4⤵
      PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58828.exe
      4⤵
      PID:11756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12233.exe
      4⤵
      PID:16032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43655.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58035.exe
        7⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-910.exe
        8⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43635.exe
        9⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        9⤵
        
        PID:15260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22233.exe
        8⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        8⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4220.exe
        8⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36597.exe
        7⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
        8⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32205.exe
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
        7⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58038.exe
        7⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        7⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2949.exe
        6⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4714.exe
        7⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62683.exe
        8⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20321.exe
        7⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36605.exe
        7⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        6⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        7⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
        6⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18428.exe
        6⤵
        
        PID:11344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34749.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        8⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        8⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        7⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        7⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39825.exe
        7⤵
        
        PID:16576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56670.exe
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41907.exe
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        7⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49642.exe
        7⤵
        
        PID:16420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44713.exe
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
        6⤵
        
        PID:14816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30549.exe
        6⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        6⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57224.exe
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59431.exe
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        7⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
        7⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        6⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        6⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe
        5⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        6⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
        6⤵
        
        PID:392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26344.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32837.exe
        5⤵
        
        PID:14176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
        5⤵
        
        PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51330.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        6⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2026.exe
        8⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29501.exe
        8⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
        8⤵
        
        PID:16824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-469.exe
        7⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        7⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44574.exe
        6⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56907.exe
        7⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
        7⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30157.exe
        7⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
        6⤵
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        6⤵
        
        PID:13480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22196.exe
        6⤵
        
        PID:17400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        6⤵
        
        PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35429.exe
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        6⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe
        7⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
        7⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        7⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18725.exe
        6⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35994.exe
        6⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        5⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe
        6⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49642.exe
        6⤵
        
        PID:14472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47262.exe
        5⤵
        
        PID:10092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        5⤵
        
        PID:14228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        5⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27963.exe
        6⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe
        7⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        7⤵
        
        PID:14144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56686.exe
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        6⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10401.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
        6⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6725.exe
        6⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
        6⤵
        
        PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        5⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27328.exe
        5⤵
        
        PID:14780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        5⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        6⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26586.exe
        6⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        5⤵
        
        PID:9948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35994.exe
        5⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        5⤵
        
        PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
      4⤵
      PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        5⤵
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        5⤵
        
        PID:15580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8189.exe
        5⤵
        
        PID:9448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
      4⤵
      PID:9744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
      4⤵
      PID:14288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe
      4⤵
      PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49898.exe
      4⤵
      PID:7308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34439.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39431.exe
        6⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56063.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        8⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        8⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57025.exe
        8⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
        8⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60474.exe
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43953.exe
        7⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
        7⤵
        
        PID:14912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        6⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26813.exe
        7⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51841.exe
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
        7⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        6⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
        6⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
        6⤵
        
        PID:15688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24573.exe
        5⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        8⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        8⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        7⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35994.exe
        7⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        7⤵
        
        PID:16428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        6⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
        7⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
        7⤵
        
        PID:16332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38526.exe
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
        6⤵
        
        PID:16352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52777.exe
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        6⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8262.exe
        7⤵
        
        PID:15276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65106.exe
        6⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13268.exe
        6⤵
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30157.exe
        6⤵
        
        PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62690.exe
        5⤵
        
        PID:8468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
        5⤵
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
        5⤵
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12985.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44439.exe
        5⤵
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
        7⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62439.exe
        8⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        7⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        7⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        7⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        6⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
        7⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        7⤵
        
        PID:16732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9777.exe
        7⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58038.exe
        6⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1776.exe
        6⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        6⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        6⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        6⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
        5⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
        5⤵
        
        PID:16040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5444.exe
      4⤵
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22815.exe
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64338.exe
        6⤵
        
        PID:11188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        6⤵
        
        PID:16700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        5⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
        6⤵
        
        PID:12420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
        6⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
        6⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35262.exe
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        5⤵
        
        PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13842.exe
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        6⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        6⤵
        
        PID:13756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe
        5⤵
        
        PID:14760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
      4⤵
      PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2906.exe
        5⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18993.exe
        5⤵
        
        PID:16360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
      4⤵
      PID:10576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
      4⤵
      PID:14948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26323.exe
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61403.exe
        6⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59818.exe
        7⤵
        
        PID:13496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24996.exe
        7⤵
        
        PID:17372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-469.exe
        6⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        6⤵
        
        PID:15460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
        6⤵
        
        PID:16708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
        6⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
        5⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
        5⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        5⤵
        
        PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        5⤵
        
        PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe
        6⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        5⤵
        
        PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
      4⤵
      PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18423.exe
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        5⤵
        
        PID:16600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
      4⤵
      PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
      4⤵
      PID:14296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
      4⤵
      PID:968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
      4⤵
      PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
        6⤵
        
        PID:15988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        5⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        5⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
        5⤵
        
        PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
      4⤵
      PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31443.exe
        5⤵
        
        PID:14352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32449.exe
        5⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45521.exe
        5⤵
        
        PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
      4⤵
      PID:9680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58038.exe
      4⤵
      PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
      4⤵
      PID:6708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59570.exe
    3⤵
    PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
      4⤵
      PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        5⤵
        
        PID:11496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
        5⤵
        
        PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
      4⤵
      PID:9984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35994.exe
      4⤵
      PID:14804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
    3⤵
    PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6990.exe
      4⤵
      PID:12724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39221.exe
      4⤵
      PID:16256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
    3⤵
    PID:9888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23037.exe
    3⤵
    PID:14124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
    3⤵
    PID:15796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15887.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40251.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe
        9⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59050.exe
        9⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
        8⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        8⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
        8⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe
        8⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe
        8⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
        8⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5164.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26975.exe
        8⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52590.exe
        8⤵
        
        PID:16584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        7⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
        7⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37453.exe
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe
        8⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        8⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38709.exe
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32958.exe
        7⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
        7⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26761.exe
        7⤵
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
        6⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
        7⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        7⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13477.exe
        7⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        6⤵
        
        PID:12584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe
        6⤵
        
        PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44439.exe
        6⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
        8⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29501.exe
        8⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14117.exe
        7⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
        7⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
        7⤵
        
        PID:16096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28988.exe
        6⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
        7⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
        7⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        7⤵
        
        PID:17348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        6⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38961.exe
        6⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1360.exe
        5⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        7⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        7⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15165.exe
        6⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44565.exe
        6⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        6⤵
        
        PID:364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        6⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2364.exe
        5⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54934.exe
        5⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        5⤵
        
        PID:15956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6213.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22689.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56639.exe
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45067.exe
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe
        8⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        8⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-469.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        7⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        7⤵
        
        PID:16920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56670.exe
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58059.exe
        7⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        7⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
        6⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
        5⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        6⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3180.exe
        6⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
        5⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15927.exe
        6⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
        6⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50378.exe
        5⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        5⤵
        
        PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe
        5⤵
        
        PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43323.exe
        5⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        7⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 636
        7⤵
        Program crash
        
        PID:12260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 648
        6⤵
        Program crash
        
        PID:8176
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 712
        5⤵
        Program crash
        
        PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
      4⤵
      PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
        6⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
        7⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
        7⤵
        
        PID:15920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        6⤵
        
        PID:10604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
        6⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
        6⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
        6⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        5⤵
        
        PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39538.exe
        5⤵
        
        PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
      4⤵
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
        5⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        5⤵
        
        PID:13052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
      4⤵
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
        5⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
        5⤵
        
        PID:9432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
      4⤵
      PID:11516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
      4⤵
      PID:15696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42699.exe
      4⤵
      PID:5300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
        6⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
        7⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        8⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        8⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        8⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        7⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        7⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21221.exe
        6⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
        7⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        7⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        6⤵
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        6⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43488.exe
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        6⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
        7⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        7⤵
        
        PID:16912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
        6⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        6⤵
        
        PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64697.exe
        5⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
        6⤵
        
        PID:13816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
        6⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
        5⤵
        
        PID:10852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        5⤵
        
        PID:13800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62954.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30983.exe
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        6⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26723.exe
        7⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
        7⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
        7⤵
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        6⤵
        
        PID:11108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        6⤵
        
        PID:14652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        5⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
        6⤵
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        6⤵
        
        PID:16172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        6⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58038.exe
        5⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11288.exe
        5⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        5⤵
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        5⤵
        
        PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38681.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
        5⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
        5⤵
        
        PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
      4⤵
      PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        5⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        5⤵
        
        PID:16724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58738.exe
      4⤵
      PID:11920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
      4⤵
      PID:16076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61543.exe
        5⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        8⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57218.exe
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        7⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        6⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe
        6⤵
        
        PID:11120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
        6⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
        5⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32957.exe
        6⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
        6⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29634.exe
        5⤵
        
        PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        5⤵
        
        PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37209.exe
      4⤵
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
        6⤵
        
        PID:11248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
        6⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53754.exe
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        5⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4220.exe
        5⤵
        
        PID:15552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
      4⤵
      PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        5⤵
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        5⤵
        
        PID:16328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38823.exe
        5⤵
        
        PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47506.exe
      4⤵
      PID:9020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
      4⤵
      PID:12720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
      4⤵
      PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58547.exe
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
        6⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        5⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9157.exe
        5⤵
        
        PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40333.exe
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29767.exe
        5⤵
        
        PID:10588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        5⤵
        
        PID:15628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
        5⤵
        
        PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
      4⤵
      PID:10048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
      4⤵
      PID:13776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
      4⤵
      PID:7264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
    3⤵
    PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2690.exe
      4⤵
      PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        5⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37773.exe
        5⤵
        
        PID:11316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28865.exe
      4⤵
      PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
      4⤵
      PID:13172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
    3⤵
    PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
      4⤵
      PID:13892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33699.exe
    3⤵
    PID:8344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19628.exe
    3⤵
    PID:12680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16805.exe
    3⤵
    PID:13760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33876.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33876.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1714.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49831.exe
        7⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
        8⤵
        
        PID:15828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        8⤵
        
        PID:16460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
        7⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44581.exe
        7⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26586.exe
        7⤵
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        6⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        7⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
        7⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43953.exe
        6⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
        6⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
        6⤵
        
        PID:13264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 632
        6⤵
        Program crash
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        5⤵
        
        PID:12744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11589.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46183.exe
        6⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        6⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
        6⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65518.exe
        5⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
        6⤵
        
        PID:15808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        5⤵
        
        PID:10632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36570.exe
        5⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        5⤵
        
        PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
      4⤵
      PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41125.exe
        5⤵
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32328.exe
        5⤵
        
        PID:13792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
      4⤵
      PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe
      4⤵
      PID:11800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
      4⤵
      PID:16436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        6⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        7⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        7⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        7⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24973.exe
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        6⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        5⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51147.exe
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
        6⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
        5⤵
        
        PID:13664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        5⤵
        
        PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
        5⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        5⤵
        
        PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
      4⤵
      PID:8492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
      4⤵
      PID:11812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
      4⤵
      PID:15564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
      4⤵
      PID:17392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1833.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        5⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60163.exe
        6⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        6⤵
        
        PID:14184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        5⤵
        
        PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44197.exe
        5⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        5⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        5⤵
        
        PID:17256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56721.exe
      4⤵
      PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63799.exe
        5⤵
        
        PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
      4⤵
      PID:9720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31412.exe
      4⤵
      PID:14744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59395.exe
      4⤵
      PID:17376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
    3⤵
    PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
      4⤵
      PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe
      4⤵
      PID:11884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
      4⤵
      PID:16252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25538.exe
      4⤵
      PID:4304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17414.exe
    3⤵
    PID:8652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
    3⤵
    PID:12452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
    3⤵
    PID:16104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58035.exe
        5⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
        6⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
        7⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39153.exe
        7⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48490.exe
        7⤵
        
        PID:16592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
        6⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47639.exe
        7⤵
        
        PID:13056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        6⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        6⤵
        
        PID:15728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47402.exe
        5⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42574.exe
        6⤵
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        6⤵
        
        PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
        5⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2833.exe
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        5⤵
        
        PID:11052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
      4⤵
      PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29307.exe
        5⤵
        
        PID:6972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 632
        6⤵
        Program crash
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
        5⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        5⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        5⤵
        
        PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21204.exe
      4⤵
      PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5262.exe
        5⤵
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
        5⤵
        
        PID:16028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59501.exe
        5⤵
        
        PID:16460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38326.exe
      4⤵
      PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
      4⤵
      PID:13456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38961.exe
      4⤵
      PID:1380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30281.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
      4⤵
      PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6341.exe
        6⤵
        
        PID:11944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57262.exe
        5⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        5⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        5⤵
        
        PID:14400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25201.exe
      4⤵
      PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43635.exe
        5⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        5⤵
        
        PID:5864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
      4⤵
      PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32958.exe
      4⤵
      PID:13012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
      4⤵
      PID:16396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1116.exe
    3⤵
    PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
      4⤵
      PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10861.exe
      4⤵
      PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
      4⤵
      PID:4436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
    3⤵
    PID:7480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
      4⤵
      PID:16088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44661.exe
    3⤵
    PID:10844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
    3⤵
    PID:14136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50013.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50013.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41123.exe
      4⤵
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        5⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        6⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe
        6⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        6⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
        5⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        6⤵
        
        PID:11408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
        6⤵
        
        PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30322.exe
        5⤵
        
        PID:15904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33316.exe
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
        5⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        5⤵
        
        PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45970.exe
      4⤵
      PID:8948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
      4⤵
      PID:12492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
      4⤵
      PID:16500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33125.exe
    3⤵
    PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
      4⤵
      PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
        5⤵
        
        PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
        5⤵
        
        PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38429.exe
      4⤵
      PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
      4⤵
      PID:11568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
      4⤵
      PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
    3⤵
    PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
      4⤵
      PID:10584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
      4⤵
      PID:13588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
    3⤵
    PID:9112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
    3⤵
    PID:12704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe
    3⤵
    PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
      4⤵
      PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14662.exe
        5⤵
        
        PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38437.exe
        5⤵
        
        PID:14276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
        5⤵
        
        PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-469.exe
      4⤵
      PID:9136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
      4⤵
      PID:13260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
      4⤵
      PID:15568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
    3⤵
    PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
      4⤵
      PID:12432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
      4⤵
      PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
      4⤵
      PID:6180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
    3⤵
    PID:10056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
    3⤵
    PID:13568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-432.exe
    3⤵
    PID:16468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20474.exe
    3⤵
    PID:7576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
  2⤵
  PID:5476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29307.exe
    3⤵
    PID:6980
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 632
      4⤵
      Program crash
      PID:10080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-469.exe
    3⤵
    PID:9172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
    3⤵
    PID:13072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
    3⤵
    PID:16492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41368.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41368.exe
  2⤵
  PID:7056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
    3⤵
    PID:9920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6725.exe
    3⤵
    PID:14332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
    3⤵
    PID:16296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
  2⤵
  PID:9964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19261.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19261.exe
  2⤵
  PID:13508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
  2⤵
  PID:15804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4408 -ip 4408
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2696 -ip 2696
1⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6980 -ip 6980
1⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6972 -ip 6972
1⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5864 -ip 5864
1⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6036 -ip 6036
1⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 6664 -ip 6664
1⤵
PID:15940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe

Filesize
468KB

MD5
384ef1edbfa7cf8f35875c771cf58803

SHA1
61295c518980c989fe81a9eae0d26faa870b4cdc

SHA256
10b14b53a47b02b040d5a0d40020d5d65ab1eb07ccfc6bffd17314589f25b3c8

SHA512
672091b60eccc91865e8f5bd54d992986d4e2c25c093af3892b9c8b005ab1f2a2006e1988db5812c37e7314255b1fdbfd1174c5c47ca1a47fd84235c458a3a40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15887.exe

Filesize
468KB

MD5
5eb5892835513809b0426f0270512d81

SHA1
36c43eeb0aa0b366cd9a6515f565d1d334b1cf5c

SHA256
bcbbdbfc972cb9024488a7c7073560fc2533c297b9d31863cbd7d911f90c28bb

SHA512
cc5ff42ea9585cd0c7eb54b174c549d599045c8bfc06fdfddfc614b09289696a895c04ae296d821c8c207e5cc6c1a63cffe84a3d6f5e7bf7793cbd908c510739

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe

Filesize
468KB

MD5
37d2d00e494b49eebf241f984c979c32

SHA1
71fa6dd5759e7e2f6bfe1589bb5402f0084c09bf

SHA256
4f2bd92a15fad6dc9ae6e0448d8eaaaad860764091708415dc149dc1a4767156

SHA512
6844bfd2e1b226acdf879bfa561dd24064db735c2e6ea5c6b0c390638f2004d83be72b14a607f7750a1a794734a2f5bb97882cf19d93b624c6552c5ddb8b8e09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18139.exe

Filesize
468KB

MD5
589e81e3a7a9d7834649a6fdbd12f26f

SHA1
bcffd9ff662e7a078eb3b784fabc5a757f935942

SHA256
8aceb0ec7d55f7bb32f9d17af228b699a28c66af36838ee1b3ed3b3131c68efc

SHA512
ca251ccabeb5e817c4d994fcd58a784f1d2e80ad3c4a981c796fbb90c4a02417e27942895f828c573361c76727d29ce6802eae3e1a9818e71af283d52cd4289f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe

Filesize
468KB

MD5
e9526701d0ce3e30acc4cfa140949f1f

SHA1
c5f79eb0f57286da6817ab45991f50e274ab2220

SHA256
8d6a0d217b8960243ad156a58d0afca60b2feba9917bb2039b9ac875297bd7c6

SHA512
6a7ae8be0066435e7f6d56a3171c5bfffe1af8b7da2ae2fcd0c26f3849a78663060c48de6535a4912246645ec93eeb7c67cfa7025d5fad866cb143cd6b9bc8a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe

Filesize
468KB

MD5
d89515a3c2cfbb17bcb2addc0b5f3b78

SHA1
1cf2f69c0d740561156254b8c613a2af332acb9f

SHA256
13b0992a091befffeb1c53c225c007d38c37e3d4f091c1c08c4cb8283827012e

SHA512
8988b40a5156da4865a62762351ea71bb242e5855921fadca5971b7016f708d9fa332014c16857ebdee5fcb383aac6311554757fcb24defe10aaa03c359b168d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2409.exe

Filesize
468KB

MD5
c29b226f6f53140028e6f4dfa711b267

SHA1
689306efad5483a55ca5f21abd63b11f1e52a479

SHA256
18fbbb026c546ab867b909605b7f649917a96b2ad27bbcd4184c2e8df0363e6f

SHA512
1e33f99568492f79cf11154d6cd249712ffb10ec33d3f3f63789c79c7a2cd071ebfd76251064261c59efa9ee9f3f533b01a3c641c234e05cb94c9523667165e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe

Filesize
468KB

MD5
2a87299b86f23b6a94b27c0bd9374510

SHA1
07709134b20545eb8b96e4a002f32f0cefbf5378

SHA256
f493ef4f79ccab4d331de9e2e45ff3d7816e38379f9e2160f1ed3d7fce3eeb3b

SHA512
4c6dc29a64612c0f89ed51f04d193e95fa2851224f2a91cd057fdf1a4d162e1e666caf764b27ae770c95200d7bb6b33d863549c27cd2ca102ab0a64dff5232e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe

Filesize
468KB

MD5
2f1fbcac2b389cc28095d39505eb7bd5

SHA1
f0b5b72b43458729bc195fa55de6930b3b55c2f6

SHA256
b016af9db651072cf83d9b387ee720dfc261c05d2a8d712bdccbac2ca9f833b3

SHA512
8f99816ae86541f57faeea9cfe8a50a6fc25cd4d1e8891be1132d93e0185b3ede81a802c6d34c100b1e53ba65dd56d90836d4d8ba5e8959c05774e14e4f67694

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe

Filesize
468KB

MD5
28bc640142099f97514bdc0f4cbfb8d5

SHA1
006e51fb3500b79702a78492bebf1c8126026181

SHA256
fd7b23cc2356a9020d05e897e4d260366d97fcdc4e5602c19edc3777227f40c0

SHA512
cb0b030d50717b43d5209e89a2b0e9f3483f87fd1694f43c3fb8a0809742fa5df0075dbc12a91126fa7538691ae90b0165af887192983542ec4665009fff7f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28087.exe

Filesize
468KB

MD5
adba9bd57fcaca83f6ba8829c6e63669

SHA1
9a00b7ea22c9dfd881b73f8d68b5a6c11389c2c3

SHA256
21a9405114ab2007a8dc771d134799d013062e7b5b0ea251cdb05798f512e567

SHA512
8075c3fdb13b73e6900ef0078f86ce3af31c2ab2454aa07f809b27b0bd723b8e701a389c94ba58e1f1344878fdc12090de1efbe39e867562b7462fc66beb16c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe

Filesize
468KB

MD5
e4400bcc42ad5f0289a2d8fb77b01aab

SHA1
520f3223ef836e55c6b8b9d2eed4f1150ca9ca2f

SHA256
8c9fc773a37c8f8e3d9a24af8b1461ce33f91f6cf181f7f00743c31fee75d529

SHA512
d255bb0bf25e2a66bd93a2219085a2a4dd47946590b8591efd0ff70b49e617510d41123a763f8dbcadf4442e7bd8e23f185a6181d272c985e474491f4a5b2934

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33876.exe

Filesize
468KB

MD5
2ea33c36cf37cf90ca1bfecd39c2c7bb

SHA1
73bf72541cbbd7a3b52511c7e7c622381fb140e3

SHA256
9e36ab054333429d484bb7c4742dfb70a1bdbde07f8e1023ad08657da2604cc2

SHA512
693d5762487afd9468fddd88995d4b520eaca84b57379974034155c51b3c64d52ba9137248b6aa27565943716bdccd5290ed71618732f5cd99e12190e56cc9ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34439.exe

Filesize
468KB

MD5
d72b4df29ecd73df8a3a8b45b6e169a2

SHA1
40a26d2894f34b42d67cf6ff96d99bef92031089

SHA256
9bec334d514b1b566a692f6841d5e6f2628e2c8b25157e1af8d3db44828a24f6

SHA512
6d23e9ae8936c6de49da2bf989065aa2489adf9bec87a73e64c8e512418ab73be1884677bea4a781439da2ee6aa3871282c23ef04716bd6bc0ef049814acd4fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe

Filesize
468KB

MD5
9b646e988ae0d68da4569f5226a21a4e

SHA1
7a1a16ab8505688c42266290ac1685bb60901256

SHA256
103e5beab35457bf150a2192fccb4e6fca32ce04879a8bf74602f4861b7ae2f1

SHA512
0a0eddce53483758f56d04a56ed2b1f4661a1c9e3e2c7db684f76a6feafd95f5baa2986b7ed0de71c55163c11200215a83a2a91728dbda1d54d31621d7b559ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40251.exe

Filesize
468KB

MD5
5506b71ae2162a2096b83eca668d634a

SHA1
ed33ad4e0e17fd46b837edb59bceea6d4145f9a6

SHA256
373bb348349a9622705033efad6a5258be94b22fc09046445885580bfa809508

SHA512
2c35704b066adda8aef9aea6163c54aa0ada3172e509a2e0aa0020cc1e37a8dbf95468bc1b20248ff3c02557f3a75022f1caa5a7cb6e37565204df8d08ee4ac1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe

Filesize
468KB

MD5
e3b8f92e68df37b88234071db197335f

SHA1
00938a19108aeea2e64def0211329a23d0d9fb34

SHA256
19506c538230b2ff8c7c47893bc75a4660f8b825165738bee8b52f2118680376

SHA512
2a23a1a7380ad9030d533963712bbaf0c7e911af51c512b2b781f737748f773ec956106496e8c0e9fbea9b1c7dba7f212054bcb2b72c5d4dba868c2ba9818a65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe

Filesize
468KB

MD5
d9454a37c7eab8b2595b990676be7ad6

SHA1
fb526066cfd8069ae780a82319252e07c3c66f82

SHA256
affa0a674738972da96b1fccf719a5a7cb0800df9e72c039ed2206948701598e

SHA512
c04de19b3d6c285725e2f809d82d9f11dab475db0913c4688e6f03dbed1b21b549c117ec7d4c09d83801a7c581aae74a31e10cb5e1bb407e6163aeebfe8c3c8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe

Filesize
468KB

MD5
a91b5b0fef208580d499a699d697e4e3

SHA1
d6f03f8d21cb862b51aad9d40cacd988ec696f43

SHA256
20890703bfe24208860da0c47508a1b2298f7a6e291888705303deed8550daac

SHA512
0f43b1c05f7cfdf1751fb037237884ad0d1f7e398259b055644777c2e961b0df3a88186d0df6491f14bf443c93c881f6bf246116098875f97de9e0105196c849

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe

Filesize
468KB

MD5
a4aa1691b5aac50bffb5181c4941d6b9

SHA1
e4c7481fd95d769d37b9f16eb8dc6170355af467

SHA256
dd68bac32f49e59b46fde23fc8194cfcb499dc9134e6f87458d5fc3d4c7010ae

SHA512
b7a1ebfe62dab2368b438a96cad052dc61139f83bf9de89919293d284027e7d90999b2f0852074b3452e329d5a3234a2162238d3caf669268bbf0d0bd0086943

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43655.exe

Filesize
468KB

MD5
fc187a4a940353f9fa848e8cef32437f

SHA1
968e9a083666106b2089d4a2beda82ecf6ef8167

SHA256
74c91b91fa79e638fb3b24dd10394aeaddbe966c6c96bfe6343fbc763e238994

SHA512
cd51fec8d2ba242c932e22c9f7b02d0d6f425feff4c68e1222e65ca45d6d785f6e2c2fcf1fa9c2ba22b7d6e342c04add77a65e27ab9dce332b01ba60b3b73104

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43951.exe

Filesize
468KB

MD5
4728012fbd9ea4f1054ef75cf2ecc958

SHA1
aedb17c7582cffa32b833b74574a4d7e61026371

SHA256
2e068074230d3bfd4225a17dbba604402c2e6131b8b80e849fe8e1c0dc051dfd

SHA512
5e5a96c191f493c3e40cad47f16cc18571358922ddd0bd2d055e38bbf89f599dc2e67a37e40e3a9a0976cd34f340b6e32024bd1bb794525fa7d6628180b91848

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50013.exe

Filesize
468KB

MD5
b4a48d6ed18c0252227092802c8cde9c

SHA1
03be0acc3edfe23d0f252e606bb04de470712546

SHA256
2f6a29dde61a6f8f70d5867215389e4aed063f195e869b89cd01b994103c4fd6

SHA512
cdafb30e407991b6deff1884dece2eeba7d6e1f160a1d0861eda6d45e864cf3c084dfefdb12cf3a08a885e67bcbc7ab42cc0ace68a678ffa853cb55f9d87a732

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51330.exe

Filesize
468KB

MD5
4c9ae3021db66d411e85cf67c7a9f5fa

SHA1
79cce7a0f67dda1cda364981b3ac1ace9f2016d9

SHA256
190032975214845f9a9da3775ba5958e763f19e9f40583060d2c1ffaf39591ba

SHA512
cf439f11f6ea73acd0894745ae035a3f634cf45a50b8d106746353a0621d161673d7b53f09b60fa27adcb9168bf49800d522e85a9c6723b238dc88ed74db3100

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52674.exe

Filesize
468KB

MD5
1c6fcdfcd648a11aee7af04b8fd5191d

SHA1
49be295dc96d6c6c4f3d9776fc52e120bb3a02e4

SHA256
a191923d3c211318ff7749898b3a6f8433bd0c61e0d465baa083ab3115115fa6

SHA512
99de729b297f05a94fe76b060f9ce16a4030b26670100c20bb53f25f6253f3179af0d797bed42195ac485727b695118e98e611a2638b9b3d9b7e30fe994b5c3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe

Filesize
468KB

MD5
91a8d583e3713237851f528bb20c71a5

SHA1
a5be7b744e52a43fa0ff57893f27c029df08ba4b

SHA256
c5d62c0dc6edd9841ee2dd536c7d29c17d5ab47c73f94423a27844dc08c85689

SHA512
f7bf9ca431dd13959cdc00ca4bfb3ebdd27aa66ebb23750597192af58993cac8bf0ff64535a364a0282ae54672cdf198b7febbe8216017ec0ea009edf693816f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe

Filesize
468KB

MD5
69a07243d2b7a26541ed0ba87fdfbdb7

SHA1
4e39e75397d88f65991a43a01d1a1603f327e3e2

SHA256
087c039c977fef2055a09391574281cd4bf7d71598a655deccd64ce820f21ffe

SHA512
03b623d4d23838c87941d29f9289c6537494e296e9990069159cb3ddca916f67a3a8ef5eb9f5f5666f639025e6c051fdfcb44b186cc2e9585ad778a8201c957e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60287.exe

Filesize
468KB

MD5
692ef52a8f184eda8581c389faf935e2

SHA1
79d1d0e21f84e111f147306a4355f16f5170caab

SHA256
4e03c583137048402c2645976739cf1471996ad86203a793c2f8d0eaae6d2338

SHA512
8faced681d99a0d6858cb7802e3c4aaea79e83b46b54577e398febde5aea24cc2d815358ee3a8c41f511b72538c5b842506f0cb1d19bb3e6d28120d6d114f5a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe

Filesize
468KB

MD5
44ba680129d3f8ad43a40b298945a9da

SHA1
87dd7159282723a807ff2f90387d4ec09851ea96

SHA256
a9c8ad8186e7e003782b56564735a6e9705abf483e8ba214f94987b98e4ff93c

SHA512
90179d70c5749ce7445bb761c426a7ddd660b866674e56347b9b61cd21032e78ebfb71a0ab513e8052d3ce3de49a41c8a198f7273e168efc7f0804af84707aa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6213.exe

Filesize
468KB

MD5
38d756a100df2afb9eacbeacfe0587be

SHA1
89aade18ffa8340526e0ef378028760bee6dd02f

SHA256
d5ec40d87dd4022a04aae0a82971c758a6b5f96393a70ef3fa044d4544c899ff

SHA512
1e494a081c568cbd50e25dee5cbf97db95d4d3c5e1b091b5ff82a967f86f50250e5d1e3a9ae18621bb0b67f1df8d281fcab162a2ce28aca602ad5cc61c8d0875

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe

Filesize
468KB

MD5
b3d4a75749feda341de11838c358e106

SHA1
fd0d9b63333dd694df78f445c606bd01805509ca

SHA256
405d7fcacc13fdab5e46cc7c1417ea42bbe46c93bb3bf0a9c8171c23eb315576

SHA512
b442321260962524318915a81357b7ad9f8d53028ffbc64ef72125761145d716152827e57f23d88cbe36c5510b273d25342176977ceb778f2560b3abb1db9add

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8626.exe

Filesize
468KB

MD5
0255eba5294ca5255482ee5602d4f570

SHA1
d5334be92c32194d9c53ffc9101ae1c4c1a9b0a5

SHA256
406cdc8752245743f1e80a7b18ab85727e3622c1c2633f6a04c554f238ac0ceb

SHA512
2e7d37e5b244e1408667abe9f6eee907843e1d2d1a4f32ca0b62e7109fdc2dfbe94467f355eac73d528c8ca74e78ec8306b8f9bb4fe1bdbe50873a8c55a63c29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe

Filesize
468KB

MD5
a2fc3355a1cb3830c6a6e16f48c42cd9

SHA1
a5e2806059f0c85522410d228fcf043dc884570d

SHA256
7529f25bea028449d28d931204c00f99e8c742996893dc0db7091b9dfd151c28

SHA512
aa4d52ee667af731b2b659fd772bdcea09c823f36948bc768fc0b3b24c73a245dfe0121a4302977701ba4769dd54b5c125961c3f113011d57d9a9dbb6d23c965

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads