d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 03:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8.exe
Size

184KB
MD5

57bd3aad4ca1eca82a434f3ed1443e73
SHA1

a2448ce4bd759dd7d80306bb7f84c2c30a0c1e40
SHA256

d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8
SHA512

7fb25fba3fa33deb3987f652d6f3c2b67294bff9f8dffd92f2996860c231a9429e1bf80f25b018aace08671365040c413db6b44f17beb7611d9395b5e43c9477
SSDEEP

3072:O+k6fgonYjR9nqXnYi7e8sxz+lvnqnxiuE:O+qoCpqXm8kz+lPqnxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3256	Unicorn-27617.exe
4432	Unicorn-43665.exe
2208	Unicorn-56280.exe
924	Unicorn-60209.exe
1256	Unicorn-60209.exe
1568	Unicorn-40151.exe
1656	Unicorn-53887.exe
2988	Unicorn-63105.exe
2480	Unicorn-63105.exe
3172	Unicorn-59384.exe
2352	Unicorn-26327.exe
2440	Unicorn-29857.exe
5112	Unicorn-29857.exe
2744	Unicorn-23534.exe
2760	Unicorn-29400.exe
392	Unicorn-11792.exe
1136	Unicorn-18721.exe
3460	Unicorn-31719.exe
4332	Unicorn-47864.exe
3596	Unicorn-34673.exe
4844	Unicorn-34673.exe
2912	Unicorn-51201.exe
4916	Unicorn-34481.exe
4744	Unicorn-61215.exe
5008	Unicorn-34289.exe
1860	Unicorn-14423.exe
1064	Unicorn-63624.exe
2804	Unicorn-28158.exe
3420	Unicorn-50552.exe
1536	Unicorn-34289.exe
1308	Unicorn-41887.exe
1952	Unicorn-14304.exe
3040	Unicorn-45752.exe
3496	Unicorn-61512.exe
3536	Unicorn-65041.exe
2972	Unicorn-398.exe
2244	Unicorn-22289.exe
1600	Unicorn-5760.exe
4772	Unicorn-2039.exe
4708	Unicorn-31918.exe
4408	Unicorn-25745.exe
4900	Unicorn-9408.exe
4864	Unicorn-41697.exe
3160	Unicorn-25096.exe
1152	Unicorn-21639.exe
4596	Unicorn-32574.exe
2856	Unicorn-41505.exe
2164	Unicorn-57649.exe
4452	Unicorn-41121.exe
1300	Unicorn-34990.exe
3884	Unicorn-24785.exe
1648	Unicorn-25854.exe
1364	Unicorn-40856.exe
3488	Unicorn-54015.exe
780	Unicorn-8676.exe
4668	Unicorn-25854.exe
2432	Unicorn-40929.exe
2104	Unicorn-40279.exe
3068	Unicorn-60145.exe
4748	Unicorn-40279.exe
4952	Unicorn-3076.exe
5056	Unicorn-34401.exe
4976	Unicorn-47400.exe
4496	Unicorn-19409.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
5160	4196	WerFault.exe	127
7900	5944	WerFault.exe	221
8252	7928	WerFault.exe
11072	6324	WerFault.exe	275
15856	14100	WerFault.exe	679
5292	5724	WerFault.exe	1061
17372	6548	WerFault.exe	1036

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 52 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 50,1329 10,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17828	Process not Found
Token: SeChangeNotifyPrivilege	17828	Process not Found
Token: 33	17828	Process not Found
Token: SeIncBasePriorityPrivilege	17828	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1296	d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8.exe
3256	Unicorn-27617.exe
4432	Unicorn-43665.exe
2208	Unicorn-56280.exe
924	Unicorn-60209.exe
1256	Unicorn-60209.exe
1656	Unicorn-53887.exe
1568	Unicorn-40151.exe
2988	Unicorn-63105.exe
2480	Unicorn-63105.exe
2352	Unicorn-26327.exe
3172	Unicorn-59384.exe
5112	Unicorn-29857.exe
2744	Unicorn-23534.exe
2440	Unicorn-29857.exe
2760	Unicorn-29400.exe
392	Unicorn-11792.exe
4332	Unicorn-47864.exe
3596	Unicorn-34673.exe
3460	Unicorn-31719.exe
4844	Unicorn-34673.exe
1536	Unicorn-34289.exe
3420	Unicorn-50552.exe
2804	Unicorn-28158.exe
1860	Unicorn-14423.exe
1064	Unicorn-63624.exe
5008	Unicorn-34289.exe
4744	Unicorn-61215.exe
1308	Unicorn-41887.exe
2912	Unicorn-51201.exe
4916	Unicorn-34481.exe
1952	Unicorn-14304.exe
3040	Unicorn-45752.exe
4196	Unicorn-80.exe
3496	Unicorn-61512.exe
3536	Unicorn-65041.exe
2972	Unicorn-398.exe
2244	Unicorn-22289.exe
1600	Unicorn-5760.exe
4772	Unicorn-2039.exe
4708	Unicorn-31918.exe
4900	Unicorn-9408.exe
4408	Unicorn-25745.exe
4864	Unicorn-41697.exe
3160	Unicorn-25096.exe
1152	Unicorn-21639.exe
2164	Unicorn-57649.exe
4596	Unicorn-32574.exe
2856	Unicorn-41505.exe
1300	Unicorn-34990.exe
4452	Unicorn-41121.exe
1648	Unicorn-25854.exe
1364	Unicorn-40856.exe
3884	Unicorn-24785.exe
2104	Unicorn-40279.exe
4668	Unicorn-25854.exe
3068	Unicorn-60145.exe
780	Unicorn-8676.exe
2432	Unicorn-40929.exe
4952	Unicorn-3076.exe
3488	Unicorn-54015.exe
4748	Unicorn-40279.exe
4976	Unicorn-47400.exe
5056	Unicorn-34401.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1296 wrote to memory of 3256	1296	d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8.exe	90
PID 1296 wrote to memory of 3256	1296	d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8.exe	90
PID 1296 wrote to memory of 3256	1296	d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8.exe	90
PID 3256 wrote to memory of 4432	3256	Unicorn-27617.exe	94
PID 3256 wrote to memory of 4432	3256	Unicorn-27617.exe	94
PID 3256 wrote to memory of 4432	3256	Unicorn-27617.exe	94
PID 1296 wrote to memory of 2208	1296	d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8.exe	95
PID 1296 wrote to memory of 2208	1296	d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8.exe	95
PID 1296 wrote to memory of 2208	1296	d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8.exe	95
PID 4432 wrote to memory of 924	4432	Unicorn-43665.exe	98
PID 4432 wrote to memory of 924	4432	Unicorn-43665.exe	98
PID 4432 wrote to memory of 924	4432	Unicorn-43665.exe	98
PID 2208 wrote to memory of 1256	2208	Unicorn-56280.exe	97
PID 2208 wrote to memory of 1256	2208	Unicorn-56280.exe	97
PID 2208 wrote to memory of 1256	2208	Unicorn-56280.exe	97
PID 3256 wrote to memory of 1568	3256	Unicorn-27617.exe	100
PID 3256 wrote to memory of 1568	3256	Unicorn-27617.exe	100
PID 3256 wrote to memory of 1568	3256	Unicorn-27617.exe	100
PID 1296 wrote to memory of 1656	1296	d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8.exe	99
PID 1296 wrote to memory of 1656	1296	d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8.exe	99
PID 1296 wrote to memory of 1656	1296	d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8.exe	99
PID 924 wrote to memory of 2988	924	Unicorn-60209.exe	103
PID 924 wrote to memory of 2988	924	Unicorn-60209.exe	103
PID 924 wrote to memory of 2988	924	Unicorn-60209.exe	103
PID 1256 wrote to memory of 2480	1256	Unicorn-60209.exe	102
PID 1256 wrote to memory of 2480	1256	Unicorn-60209.exe	102
PID 1256 wrote to memory of 2480	1256	Unicorn-60209.exe	102
PID 4432 wrote to memory of 3172	4432	Unicorn-43665.exe	104
PID 4432 wrote to memory of 3172	4432	Unicorn-43665.exe	104
PID 4432 wrote to memory of 3172	4432	Unicorn-43665.exe	104
PID 2208 wrote to memory of 2352	2208	Unicorn-56280.exe	105
PID 2208 wrote to memory of 2352	2208	Unicorn-56280.exe	105
PID 2208 wrote to memory of 2352	2208	Unicorn-56280.exe	105
PID 1656 wrote to memory of 2440	1656	Unicorn-53887.exe	107
PID 1656 wrote to memory of 2440	1656	Unicorn-53887.exe	107
PID 1656 wrote to memory of 2440	1656	Unicorn-53887.exe	107
PID 1568 wrote to memory of 5112	1568	Unicorn-40151.exe	106
PID 1568 wrote to memory of 5112	1568	Unicorn-40151.exe	106
PID 1568 wrote to memory of 5112	1568	Unicorn-40151.exe	106
PID 3256 wrote to memory of 2744	3256	Unicorn-27617.exe	108
PID 3256 wrote to memory of 2744	3256	Unicorn-27617.exe	108
PID 3256 wrote to memory of 2744	3256	Unicorn-27617.exe	108
PID 1296 wrote to memory of 2760	1296	d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8.exe	109
PID 1296 wrote to memory of 2760	1296	d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8.exe	109
PID 1296 wrote to memory of 2760	1296	d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8.exe	109
PID 2480 wrote to memory of 392	2480	Unicorn-63105.exe	110
PID 2480 wrote to memory of 392	2480	Unicorn-63105.exe	110
PID 2480 wrote to memory of 392	2480	Unicorn-63105.exe	110
PID 2988 wrote to memory of 1136	2988	Unicorn-63105.exe	111
PID 2988 wrote to memory of 1136	2988	Unicorn-63105.exe	111
PID 2988 wrote to memory of 1136	2988	Unicorn-63105.exe	111
PID 1256 wrote to memory of 3460	1256	Unicorn-60209.exe	112
PID 1256 wrote to memory of 3460	1256	Unicorn-60209.exe	112
PID 1256 wrote to memory of 3460	1256	Unicorn-60209.exe	112
PID 924 wrote to memory of 4332	924	Unicorn-60209.exe	113
PID 924 wrote to memory of 4332	924	Unicorn-60209.exe	113
PID 924 wrote to memory of 4332	924	Unicorn-60209.exe	113
PID 2352 wrote to memory of 4844	2352	Unicorn-26327.exe	115
PID 2352 wrote to memory of 4844	2352	Unicorn-26327.exe	115
PID 2352 wrote to memory of 4844	2352	Unicorn-26327.exe	115
PID 2440 wrote to memory of 3596	2440	Unicorn-29857.exe	114
PID 2440 wrote to memory of 3596	2440	Unicorn-29857.exe	114
PID 2440 wrote to memory of 3596	2440	Unicorn-29857.exe	114
PID 3172 wrote to memory of 2912	3172	Unicorn-59384.exe	116

C:\Users\Admin\AppData\Local\Temp\d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8.exe
"C:\Users\Admin\AppData\Local\Temp\d44642230c6750dba6ae8de097f5224eb5f7eea0fa8d2b79d7b5d587ba9d05b8.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27617.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27617.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18721.exe
        6⤵
        Executes dropped EXE
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-80.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-80.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 724
        8⤵
        Program crash
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30990.exe
        8⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1447.exe
        8⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
        8⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        8⤵
        
        PID:16088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62228.exe
        8⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        8⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        8⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26823.exe
        8⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
        8⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
        8⤵
        
        PID:17088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe
        8⤵
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        8⤵
        
        PID:17736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16407.exe
        7⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
        7⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        7⤵
        
        PID:18128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
        7⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64545.exe
        9⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
        9⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36290.exe
        9⤵
        
        PID:15680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
        9⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3561.exe
        9⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33527.exe
        8⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        8⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        8⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26129.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
        8⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        7⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        8⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24135.exe
        8⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27137.exe
        8⤵
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        8⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        7⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9130.exe
        7⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        7⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
        7⤵
        
        PID:18140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64015.exe
        6⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        8⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        8⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        8⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        8⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
        8⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe
        8⤵
        
        PID:17716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43807.exe
        7⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22218.exe
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9665.exe
        7⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-570.exe
        7⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        7⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        7⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64712.exe
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22241.exe
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58500.exe
        8⤵
        
        PID:18180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18218.exe
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51416.exe
        7⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        7⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
        7⤵
        
        PID:16744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26538.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
        7⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17342.exe
        6⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62155.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22563.exe
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        6⤵
        
        PID:18016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
        6⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65041.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20753.exe
        7⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
        8⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19953.exe
        9⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
        9⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        9⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        9⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
        8⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 464
        9⤵
        Program crash
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62850.exe
        8⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58283.exe
        8⤵
        
        PID:15308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60722.exe
        8⤵
        
        PID:17832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48184.exe
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        8⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19162.exe
        8⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39570.exe
        8⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
        7⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe
        7⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
        7⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26506.exe
        7⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54356.exe
        7⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17031.exe
        6⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14816.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        8⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
        9⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65064.exe
        8⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
        8⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18314.exe
        8⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
        7⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
        7⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
        7⤵
        
        PID:16800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57636.exe
        7⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34569.exe
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32642.exe
        7⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45583.exe
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-752.exe
        7⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        7⤵
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        7⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
        6⤵
        
        PID:11552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
        6⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29210.exe
        6⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        6⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        8⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        8⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        8⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
        8⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
        7⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        7⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        7⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        6⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        7⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        7⤵
        
        PID:16756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
        7⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
        6⤵
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        6⤵
        
        PID:16164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3767.exe
        5⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31537.exe
        6⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
        8⤵
        
        PID:17140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe
        8⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe
        7⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        7⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34657.exe
        7⤵
        
        PID:17252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37927.exe
        6⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57855.exe
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        6⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        6⤵
        
        PID:16576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59119.exe
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        6⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14170.exe
        6⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exe
        6⤵
        
        PID:16716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        5⤵
        
        PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        5⤵
        
        PID:12232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11529.exe
        5⤵
        
        PID:14708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        5⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        5⤵
        
        PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
        8⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        9⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        9⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        9⤵
        
        PID:16824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
        9⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe
        8⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        8⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2753.exe
        8⤵
        
        PID:17320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36775.exe
        7⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        8⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
        8⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38063.exe
        7⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe
        7⤵
        
        PID:13504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        7⤵
        
        PID:16876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        7⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35495.exe
        6⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
        6⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14976.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        7⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        7⤵
        
        PID:16608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32568.exe
        6⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
        6⤵
        
        PID:12376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59435.exe
        6⤵
        
        PID:15980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        6⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8676.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
        6⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55761.exe
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        8⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        8⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        8⤵
        
        PID:16536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
        8⤵
        
        PID:16760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        7⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50194.exe
        7⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        7⤵
        
        PID:15972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4103.exe
        6⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
        6⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe
        6⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        6⤵
        
        PID:18372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33320.exe
        5⤵
        
        PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
        5⤵
        
        PID:14860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        5⤵
        
        PID:18152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40905.exe
        5⤵
        
        PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36721.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55569.exe
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        7⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2753.exe
        7⤵
        
        PID:17404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        7⤵
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14574.exe
        6⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        7⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        6⤵
        
        PID:14884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
        6⤵
        
        PID:18344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        6⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
        7⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21226.exe
        7⤵
        
        PID:17188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        7⤵
        
        PID:17324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe
        6⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
        6⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe
        6⤵
        
        PID:18108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17646.exe
        5⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61608.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe
        5⤵
        
        PID:13768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2170.exe
        5⤵
        
        PID:16708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20327.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49953.exe
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        6⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        6⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        5⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
        5⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54356.exe
        5⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        5⤵
        
        PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54319.exe
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20145.exe
        5⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        5⤵
        
        PID:11960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        5⤵
        
        PID:14780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
        5⤵
        
        PID:17008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        5⤵
        
        PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
      4⤵
      PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
      4⤵
      PID:11848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11529.exe
      4⤵
      PID:14900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6314.exe
      4⤵
      PID:5740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
        7⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        8⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        8⤵
        
        PID:13888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        8⤵
        
        PID:17284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
        7⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        7⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
        7⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54356.exe
        7⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
        8⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46411.exe
        8⤵
        
        PID:17596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41135.exe
        7⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        7⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2753.exe
        7⤵
        
        PID:17292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-926.exe
        6⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22033.exe
        6⤵
        
        PID:14548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
        6⤵
        
        PID:18044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18617.exe
        6⤵
        
        PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40279.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        6⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        7⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-752.exe
        8⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        8⤵
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        8⤵
        
        PID:17204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
        7⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
        7⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
        7⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4625.exe
        7⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
        6⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21594.exe
        7⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        7⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
        7⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        6⤵
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40802.exe
        6⤵
        
        PID:16788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35946.exe
        6⤵
        
        PID:17840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        6⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        6⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        6⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 464
        7⤵
        Program crash
        
        PID:17372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        5⤵
        
        PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
        5⤵
        
        PID:12316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        5⤵
        
        PID:16024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14423.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4951.exe
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49953.exe
        7⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        7⤵
        
        PID:14100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14100 -s 464
        8⤵
        Program crash
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        7⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
        6⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
        6⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
        6⤵
        
        PID:14680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        6⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21299.exe
        6⤵
        
        PID:17172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30002.exe
        6⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        6⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe
        7⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        7⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        7⤵
        
        PID:17428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-410.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        7⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
        6⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
        6⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
        6⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        6⤵
        
        PID:17432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        6⤵
        
        PID:13976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        6⤵
        
        PID:16524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        5⤵
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15681.exe
        5⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        5⤵
        
        PID:16444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        5⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
        6⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe
        7⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
        7⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
        7⤵
        
        PID:17676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
        7⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30471.exe
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
        6⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        6⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47247.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
        5⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        5⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
        5⤵
        
        PID:18104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46264.exe
      4⤵
      PID:5944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 488
        5⤵
        Program crash
        
        PID:7900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
      4⤵
      PID:8260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2394.exe
      4⤵
      PID:11340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe
      4⤵
      PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
      4⤵
      PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
      4⤵
      PID:16996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23534.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21729.exe
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
        8⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        8⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50578.exe
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        7⤵
        
        PID:15948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
        6⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
        6⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
        6⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36714.exe
        6⤵
        
        PID:17372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        6⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        6⤵
        
        PID:18276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        5⤵
        
        PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        5⤵
        
        PID:11876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        5⤵
        
        PID:16884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40279.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
        5⤵
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3719.exe
        6⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17050.exe
        6⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        6⤵
        
        PID:16980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52283.exe
        6⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8243.exe
        6⤵
        
        PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3911.exe
        5⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe
        6⤵
        
        PID:18404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
        6⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
        5⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        5⤵
        
        PID:16740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe
        5⤵
        
        PID:18036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        5⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        5⤵
        
        PID:16544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28849.exe
        5⤵
        
        PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe
      4⤵
      PID:7860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
      4⤵
      PID:11952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
      4⤵
      PID:13324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7449.exe
      4⤵
      PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45354.exe
      4⤵
      PID:5648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50552.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4048.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        6⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14403.exe
        7⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19274.exe
        7⤵
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        7⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
        6⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
        6⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        5⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        6⤵
        
        PID:14312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        6⤵
        
        PID:17420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47279.exe
        5⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26267.exe
        5⤵
        
        PID:368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        5⤵
        
        PID:16500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33191.exe
      4⤵
      PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1760.exe
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44180.exe
        6⤵
        
        PID:16844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
        5⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        5⤵
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
        5⤵
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48900.exe
        5⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
        5⤵
        
        PID:7120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
      4⤵
      PID:9660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
      4⤵
      PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe
      4⤵
      PID:16640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
      4⤵
      PID:6908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13282.exe
      4⤵
      PID:6372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32574.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        6⤵
        
        PID:10092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        6⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        6⤵
        
        PID:17536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56923.exe
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
        5⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
        5⤵
        
        PID:16044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        5⤵
        
        PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34359.exe
      4⤵
      PID:6324
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 632
        5⤵
        Program crash
        
        PID:11072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
      4⤵
      PID:8592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
      4⤵
      PID:13108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
      4⤵
      PID:15708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59003.exe
      4⤵
      PID:17588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
    3⤵
    PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51537.exe
      4⤵
      PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        5⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        5⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        5⤵
        
        PID:16660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        5⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
        5⤵
        
        PID:18344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
      4⤵
      PID:8892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
      4⤵
      PID:12692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
      4⤵
      PID:14764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
      4⤵
      PID:3904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
    3⤵
    PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
      4⤵
      PID:12596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
      4⤵
      PID:16596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53842.exe
      4⤵
      PID:1784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
    3⤵
    PID:9352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
    3⤵
    PID:12956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
    3⤵
    PID:16632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19523.exe
    3⤵
    PID:18348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
    3⤵
    PID:6560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        8⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        8⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        8⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40761.exe
        8⤵
        
        PID:18260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30386.exe
        8⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        7⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        8⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        8⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        8⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
        7⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        7⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
        7⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        7⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        7⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
        7⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        7⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
        7⤵
        
        PID:16724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        7⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16738.exe
        7⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57119.exe
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
        7⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        7⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe
        7⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
        7⤵
        
        PID:18340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        7⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59832.exe
        6⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65042.exe
        6⤵
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51819.exe
        6⤵
        
        PID:14480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27700.exe
        6⤵
        
        PID:18068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
        6⤵
        Executes dropped EXE
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        8⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
        9⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
        8⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        8⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        8⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        8⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
        7⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40559.exe
        7⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
        7⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        7⤵
        
        PID:16972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37519.exe
        6⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
        7⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        7⤵
        
        PID:14948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
        7⤵
        
        PID:17572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        6⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59435.exe
        6⤵
        
        PID:15988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        6⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        5⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40561.exe
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        7⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe
        7⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53506.exe
        7⤵
        
        PID:18308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61768.exe
        6⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        7⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61179.exe
        7⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
        7⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-577.exe
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
        6⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11793.exe
        6⤵
        
        PID:17748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33450.exe
        6⤵
        
        PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        5⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        6⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16858.exe
        6⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        6⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55387.exe
        6⤵
        
        PID:17572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59256.exe
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe
        5⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54969.exe
        5⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43171.exe
        5⤵
        
        PID:16864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31719.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34033.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46353.exe
        8⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe
        9⤵
        
        PID:18412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        8⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
        8⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        8⤵
        
        PID:16548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
        8⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40186.exe
        8⤵
        
        PID:17844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7367.exe
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
        7⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
        7⤵
        
        PID:18056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        7⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        7⤵
        
        PID:18364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31102.exe
        6⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
        6⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        6⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
        6⤵
        
        PID:18012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23191.exe
        5⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        7⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe
        7⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        7⤵
        
        PID:14876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        7⤵
        
        PID:18356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2007.exe
        6⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21729.exe
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        6⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26129.exe
        6⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34062.exe
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        6⤵
        
        PID:13904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        6⤵
        
        PID:17380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15402.exe
        6⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe
        6⤵
        
        PID:17556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40679.exe
        5⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
        5⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        5⤵
        
        PID:15592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        5⤵
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
        6⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
        7⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        7⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        7⤵
        
        PID:17388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
        7⤵
        
        PID:17292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50159.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
        6⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        6⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59003.exe
        6⤵
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
        6⤵
        
        PID:17256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7292.exe
        6⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
        5⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
        5⤵
        
        PID:14536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        5⤵
        
        PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59320.exe
      4⤵
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
        7⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50491.exe
        7⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60146.exe
        7⤵
        
        PID:17620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56347.exe
        7⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe
        6⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        6⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2753.exe
        6⤵
        
        PID:17300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
        6⤵
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36583.exe
        5⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41711.exe
        5⤵
        
        PID:10036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        5⤵
        
        PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        5⤵
        
        PID:16292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
        5⤵
        
        PID:17376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
        5⤵
        
        PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
      4⤵
      PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        5⤵
        
        PID:13896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        5⤵
        
        PID:16680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
      4⤵
      PID:8432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
      4⤵
      PID:10940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11529.exe
      4⤵
      PID:14684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
      4⤵
      PID:18176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25745.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41345.exe
        7⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19953.exe
        8⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        8⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        8⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        8⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25722.exe
        8⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21078.exe
        7⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46530.exe
        7⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42155.exe
        7⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63611.exe
        7⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
        6⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52817.exe
        7⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        7⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49979.exe
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        7⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40874.exe
        7⤵
        
        PID:17440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
        6⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
        6⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        6⤵
        
        PID:18248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
        7⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        7⤵
        
        PID:16512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15847.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        6⤵
        
        PID:12332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19098.exe
        6⤵
        
        PID:16156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        6⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
        6⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        5⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-752.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        6⤵
        
        PID:14012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        6⤵
        
        PID:16616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        6⤵
        
        PID:17320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        5⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12785.exe
        5⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59435.exe
        5⤵
        
        PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64385.exe
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        6⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        7⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        7⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        7⤵
        
        PID:17360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe
        7⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        6⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33473.exe
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        6⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        6⤵
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52728.exe
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57855.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        5⤵
        
        PID:13848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        5⤵
        
        PID:16780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22897.exe
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11066.exe
        6⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        6⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
        6⤵
        
        PID:18088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        5⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        5⤵
        
        PID:16008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
      4⤵
      PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe
      4⤵
      PID:11232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
      4⤵
      PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33961.exe
      4⤵
      PID:5276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9408.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40193.exe
        6⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36689.exe
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        7⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39570.exe
        7⤵
        
        PID:16128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4826.exe
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56722.exe
        7⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
        6⤵
        
        PID:11856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26971.exe
        6⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33044.exe
        6⤵
        
        PID:11312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
        6⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9025.exe
        6⤵
        
        PID:17700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
        5⤵
        
        PID:8400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5114.exe
        5⤵
        
        PID:12356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
        5⤵
        
        PID:16132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34586.exe
        5⤵
        
        PID:18424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
      4⤵
      PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24951.exe
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        6⤵
        
        PID:11812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        6⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        6⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
        6⤵
        
        PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
        5⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
        5⤵
        
        PID:12656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        5⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
        5⤵
        
        PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
      4⤵
      PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        5⤵
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        5⤵
        
        PID:13944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        5⤵
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
        5⤵
        
        PID:16616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44872.exe
      4⤵
      PID:9100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41234.exe
      4⤵
      PID:13124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63083.exe
      4⤵
      PID:15588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36473.exe
      4⤵
      PID:5328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12688.exe
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39425.exe
        5⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        5⤵
        
        PID:9256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-417.exe
        5⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        5⤵
        
        PID:16212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
      4⤵
      PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
      4⤵
      PID:10156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
      4⤵
      PID:13564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
      4⤵
      PID:16988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
      4⤵
      PID:8504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36046.exe
    3⤵
    PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63583.exe
      4⤵
      PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
      4⤵
      PID:11136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
      4⤵
      PID:14844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
      4⤵
      PID:18052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63848.exe
    3⤵
    PID:7736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35793.exe
    3⤵
    PID:9244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
    3⤵
    PID:13408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20434.exe
    3⤵
    PID:17000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53887.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53887.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22289.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        8⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        8⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        8⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        8⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54978.exe
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        7⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        7⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
        7⤵
        
        PID:17588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        7⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        7⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        7⤵
        
        PID:18388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe
        6⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
        6⤵
        
        PID:12140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
        6⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        6⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46857.exe
        6⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        6⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64344.exe
        6⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        7⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        7⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        7⤵
        
        PID:16652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36511.exe
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
        6⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        6⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
        6⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45391.exe
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        6⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39096.exe
        5⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26817.exe
        5⤵
        
        PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18298.exe
        5⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
        5⤵
        
        PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10576.exe
        5⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        7⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        7⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        7⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6526.exe
        6⤵
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49790.exe
        6⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
        6⤵
        
        PID:15688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59003.exe
        6⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14359.exe
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
        6⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        6⤵
        
        PID:14940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
        6⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9319.exe
        5⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55266.exe
        5⤵
        
        PID:12776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30986.exe
        5⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34034.exe
        5⤵
        
        PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35569.exe
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        6⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        6⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
        6⤵
        
        PID:17840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50159.exe
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
        5⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        5⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39369.exe
        5⤵
        
        PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3824.exe
        5⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52219.exe
        5⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39570.exe
        5⤵
        
        PID:16180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
      4⤵
      PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10282.exe
      4⤵
      PID:11368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
      4⤵
      PID:14456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
      4⤵
      PID:5900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63233.exe
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24951.exe
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        7⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
        7⤵
        
        PID:18296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30558.exe
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
        6⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        6⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
        6⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31508.exe
        6⤵
        
        PID:11108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
        6⤵
        
        PID:14756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        6⤵
        
        PID:18320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61119.exe
        5⤵
        
        PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56059.exe
        5⤵
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53298.exe
        5⤵
        
        PID:16120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe
      4⤵
      PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
        5⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        6⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
        6⤵
        
        PID:14136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
        6⤵
        
        PID:17372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        5⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        5⤵
        
        PID:15996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
      4⤵
      PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
      4⤵
      PID:10948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
      4⤵
      PID:14808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
      4⤵
      PID:18160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1568.exe
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
        6⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13249.exe
        6⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1002.exe
        6⤵
        
        PID:17840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25271.exe
        5⤵
        
        PID:9076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        5⤵
        
        PID:13132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        5⤵
        
        PID:16016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
        5⤵
        
        PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
      4⤵
      PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12625.exe
        5⤵
        
        PID:18036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45551.exe
      4⤵
      PID:9704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
      4⤵
      PID:13104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
      4⤵
      PID:16464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36714.exe
      4⤵
      PID:8772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63763.exe
      4⤵
      PID:7368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21847.exe
    3⤵
    PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
      4⤵
      PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        5⤵
        
        PID:13960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        5⤵
        
        PID:16668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
        5⤵
        
        PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
      4⤵
      PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50578.exe
      4⤵
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
      4⤵
      PID:15964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
    3⤵
    PID:7304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
      4⤵
      PID:5136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
    3⤵
    PID:9788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2947.exe
    3⤵
    PID:3520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59401.exe
    3⤵
    PID:16580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26914.exe
    3⤵
    PID:16864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
        5⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36417.exe
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
        6⤵
        
        PID:14924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29210.exe
        6⤵
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54280.exe
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54290.exe
        5⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
        5⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58050.exe
        5⤵
        
        PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37519.exe
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19953.exe
        5⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
        5⤵
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        5⤵
        
        PID:14064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        5⤵
        
        PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
        5⤵
        
        PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
      4⤵
      PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61026.exe
      4⤵
      PID:11868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
      4⤵
      PID:15608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
      4⤵
      PID:2968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55183.exe
    3⤵
    PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40193.exe
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        5⤵
        
        PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        5⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        5⤵
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        5⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
        5⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        5⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
        5⤵
        
        PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
      4⤵
      PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
      4⤵
      PID:11168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28315.exe
      4⤵
      PID:15712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16145.exe
      4⤵
      PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
      4⤵
      PID:17624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe
    3⤵
    PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33268.exe
      4⤵
      PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39482.exe
      4⤵
      PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
      4⤵
      PID:17368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36206.exe
    3⤵
    PID:8960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
    3⤵
    PID:13116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
    3⤵
    PID:4268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
    3⤵
    PID:5724
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 76
      4⤵
      Program crash
      PID:5292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41887.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41887.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60145.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
      4⤵
      PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe
        5⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        5⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        5⤵
        
        PID:16524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
      4⤵
      PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
      4⤵
      PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19235.exe
      4⤵
      PID:16528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
    3⤵
    PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24161.exe
      4⤵
      PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
      4⤵
      PID:10120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
      4⤵
      PID:13336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exe
      4⤵
      PID:16624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54372.exe
      4⤵
      PID:5504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
    3⤵
    PID:8032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57938.exe
    3⤵
    PID:11432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
    3⤵
    PID:15228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61636.exe
    3⤵
    PID:17696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
    3⤵
    PID:4960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3076.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3076.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
    3⤵
    PID:7908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49466.exe
    3⤵
    PID:10836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
    3⤵
    PID:14820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
    3⤵
    PID:18268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22428.exe
    3⤵
    PID:17520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54849.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54849.exe
  2⤵
  PID:5756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
    3⤵
    PID:7672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
    3⤵
    PID:10148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
    3⤵
    PID:14584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe
    3⤵
    PID:18092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
  2⤵
  PID:8168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
    3⤵
    PID:16356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9537.exe
    3⤵
    PID:336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
    3⤵
    PID:6644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
  2⤵
  PID:11256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46218.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46218.exe
  2⤵
  PID:14468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
  2⤵
  PID:18080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
  2⤵
  PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4196 -ip 4196
1⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5944 -ip 5944
1⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7928 -ip 7928
1⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6324 -ip 6324
1⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 14100 -ip 14100
1⤵
PID:15748

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
PID:3652

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
PID:6588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe

Filesize
184KB

MD5
0e4111f94126a3f9fe778fda8e244a9a

SHA1
7f4e8fb54cb8d351b4ee2b98d202e9f172258fb5

SHA256
6d057d411eff2f85cb8553e2155dc4fee66e65a5e1e3084a93ed603190f3d872

SHA512
e00ed607da7cb4fb3575c9b3316b621a5a2787bec27bc842b772ac859dbb44003f00b32c0a27ec3f0885f0893109e7434aa8500fa5a5cede8d69640ab1a55193

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe

Filesize
184KB

MD5
3b8afb90ce8b52a6763cdcdf6beb5769

SHA1
127600458f2af18cf35cb55cb92935d092e80aea

SHA256
635c7a0559006363ece67804405228fc18c011c97ffb6bc4c85fe12a3dd1b6a8

SHA512
e3bde4e1835e95ffd1fa0f4fea2f7b238c81597dc181e7b06a9043d29c078aa66506e7549370aa7a726c5208d5c69f535037eda1ecea77de7e6e40084c953d30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14423.exe

Filesize
184KB

MD5
d23757f7a89b14db75708f3ebd6bf444

SHA1
68de9b2050d364254b84af91b85d294c320f04e0

SHA256
9f122fdbbbb9deca641b34bc5fa060ee245e6507e7d4064806e3e90a07c1b88d

SHA512
a9be8d01d0dab2121776a73bfe9d6ecb3f6f8e7e45f864b2b250bc4198c1949ee3474283f0ff7659e4139bbd18827c0e7b6d575d9e843e305c6cef0ff85d91f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18218.exe

Filesize
184KB

MD5
4ee3dba8681c81485a91d9072bdeef7c

SHA1
beef3cdc79049372763ac0ff37a2f66ec7d595ca

SHA256
f98612ba64bef3b5e6ebd103774539d6073843098de0c58c3d08217c2a5a10d7

SHA512
7d14d2bef56bfc7fc5a9aa0e6e49a4ee5c427ef510e9e2f04492bf48b1b9a5efa47dca4700e898beec7544107a43d6480743648ed1c6d7e9a5c516d6005b1de6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18721.exe

Filesize
184KB

MD5
6bf6c2e4139debf41abc8cb81c5b18dd

SHA1
e758c6c1f7524f0e21e8c1a7c52b254d308ca097

SHA256
ca9f6858cb64e87b3d185bb1e761e575831dad1195509f7631a30d32ccad0617

SHA512
63a679e016d008fae4ecebb553e58d4f01a880d93016946d9c9fdd9d5f2d844bc1433dbf08547416d0b5a12f24f74c73e063593019b211a03c2aabb68dc4f587

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23534.exe

Filesize
184KB

MD5
b05129f0d8aba035fef171e983a48222

SHA1
a12e4dfbf23b71ed9c9092008b39749c70665b41

SHA256
8b205ef670eba1ce9a17e409a17494a0c1348b1ed27a0b2c8c51acc39f7bc4a5

SHA512
675fd94787a4cab184c25b93435a6f6e43ab0dc265c1e59edcff69f935d7e27c78f089042f4118b19925e6468ef8bfa826407e716e3c075cf2df0c9b1ed91b84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe

Filesize
184KB

MD5
a91e836cbaeaaceaacb480f9bda46636

SHA1
92c9220ab31a52eabae5d9978bd9326f01119032

SHA256
57a54b6526ee2b3cd49d22e09d46e2cc0f087562aaab42fbd48ed2e86973ad32

SHA512
b448ff453f4a6b2becbfc4f37e143bdb2ce5baf52709925d2021334f8ee13dcb82deb8acd3d010214c3f13eccc015cb1795cf962209dc31d70017557eb01ddf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27617.exe

Filesize
184KB

MD5
9d7b27654c3c522fc9ca7d337f77558f

SHA1
cda7b33a7980cf7a03ec4ec1746da0e9632b9e84

SHA256
c580fa940c98d56b800087921c0413642e50c5bde89a04ac6236035c954cfdfe

SHA512
2e2456a8680e80dec69125fdfb270d332063727304cf711e01ded4a0be91df779c90dcc4e359e2ad06f0d01c2371225b37ec0bfb5a5ce94b6bac2ea406e772c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe

Filesize
184KB

MD5
c55c9558cff82e271671e78ac900efd8

SHA1
68abd53db94fd05cc2fd11b9c08a8d62ecd83e85

SHA256
54db90ba54a7934b47819e24c855dc20c230c7d7074814f7b3c9042084fc4990

SHA512
cd47be20510ab496a695d9f328f2b492640ec58e01c827cc5aa7a9b5a0843fc9e0c915f71f04feeedb4ec055dbae06bad4f280bc0b3f18a73aa3af4f79b21f45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe

Filesize
184KB

MD5
66bc816d89263f9fd6979b20afe4e1af

SHA1
bfc9171ca6d4f7111f2d147b0c8d0560ecf3919a

SHA256
a69e6068a79d651ccbf59aa0e2daa1e189eb5da5d1764306029bfbc020a2f653

SHA512
ad1d74197bd6368e1239ade9e195728f3b6ff6989ad92ef57a900457935ff45415896e6c7c6c9d17da4c3bcb78a28d35779838fee5725bba9f813094b4c0da39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe

Filesize
184KB

MD5
caebf2430adb2fa9fbf307b41ee2beee

SHA1
ee3941063f0ddfb3c0b1936ba5e5723873439d34

SHA256
3b78d54c1aa897a48348152d08a087529a49f7cd60f3555453fd1466b96580eb

SHA512
ac28b1ec1c7051d2d10646a87eb13e698ae85de610acc53f4f0ba9bf507be80f76553e8e3a8d3129d9116a156be3dbe215796c4ec6179ca5e05edc4963928b82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31719.exe

Filesize
184KB

MD5
7b762f43f0fcc47fe2a1cb27a9f37f0f

SHA1
78ab1aa1e39b7599103c236426a0c1620d08f945

SHA256
39b33220afffec2bf3cb4c0ff80897c521c84f72232e2bc559fc0bdd14d157a6

SHA512
4406fcfa8c4de445c658d56fcf8b258fda98fad41834295731c265e9ccf1fbb77c103479823ee0bce0b602e22d0a8fac3d8e17a382311673cc017f80bff109ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34033.exe

Filesize
184KB

MD5
04177733e3ef9c8618652325554c536b

SHA1
ff73f5930fa246b1de96237b0adf2aaa68685855

SHA256
def70c23da30096758cda8c4713325fa97ac7516832f89cbf5acb172a104b06e

SHA512
8377b4f00f121e1e9a7a793a9ae6f1a43062c7a5ebe86449c1b21d4ac7e1eca1c6b3d49a1cd4047b3bc2dcf225e54777df5e454f55d69c06df202cc71902fecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe

Filesize
184KB

MD5
e8a604bbe18898af0913cfccf5761419

SHA1
605b310e096e15e8bfecf76c4b4d019a6fdad9a3

SHA256
4bcfe408c9fcda79fca344fb0d253d782b0d917ded407f458cd96fae85f661f7

SHA512
8cdac6235506d9a7bf9fa4468ab3f912c1f5f71ea5737fe25a7b72dab5b0f28e59c3f2158b06ebf2b961a5e790d265f9813d138bf8caedae4d97f319549ded56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe

Filesize
184KB

MD5
c814a97f26033c342784be0ee55374ad

SHA1
69f6f9ae95f3b1100684b4932794159379968544

SHA256
eda5a3c8ae1f28b0ebe5aa838ec57d78587d1397b56f943e43eca62effd2db4a

SHA512
ea634077c51701d104395fc01983bfb2832f3850284351f56759189c900b36eab60012b60bc047c9a8130c594c599e7927ce68b3d011fca6e00c2d91c10eff63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe

Filesize
184KB

MD5
cd6e386ed290faeee4ffda8bf810fccd

SHA1
0bc62c1b207af488d71d4ef8b25c121c0e50609e

SHA256
049853822fa5aa1f9d3d629895935c2b5f3479e21feae935f705c476302f9dc3

SHA512
95e1bbf8536991a006fc6c378fc2ef20e274997fa3234fe06f64253b23ca550de5b0de64b22d495b32d18ff399b1bba635d46ae71d3dfc5a20535862d8dbe8c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe

Filesize
184KB

MD5
6a9c90e9b9a66942e66c36bea1724634

SHA1
d7a62c7210033e40587138ad29c27b3b67443903

SHA256
1cdfc2757b2be3c17bcf44ceea2a000a7efe47f3615740e483f384f225051a87

SHA512
b1a09999c5ff5f6abf5a1a13ff2b7752a96c54b361cfe8febb82da4e7dd68b0160aad256a1a4fd835bba30b91db0114d4dac0ad759a7dd8fef481df8f7a19556

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41887.exe

Filesize
184KB

MD5
034cb7044819ed882678ff212ddfa686

SHA1
78fa2649bf250af86b38ccf7aedf73c0e434c0f8

SHA256
6e22c88a16bd28b410f5ed0c01e28b83005c37812a1d5be826db798b0ab96686

SHA512
62e87646a9c61b58088bf07a21c7c490d8c2e500b5514230ab56822e96ce6293f2977349258ba8187d19be5577cd0d1abde840ca5cdb9fe28ba82a7514288fd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe

Filesize
184KB

MD5
4a7a90bfe9362a80a6301f51c25a1509

SHA1
4c4b476ca47937e290eca50c960032697b125ae5

SHA256
acc7fcdb64d172206c4c12b0c4459184977fdcb1f0e9f0dcd0c727ab51192a18

SHA512
423bea05bb5e8f5aba0f25d0c954f0dcaae41854f7b3146db38fe4c709571e121af7274493a736f7fea2d4e750a4a79c547e0b6eed083a815a5188c6018e19f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe

Filesize
184KB

MD5
3144a37195e53cbd9fc2b42e8400ea94

SHA1
2be2f30f53b71669a5e46fae6054cf8c7833d22f

SHA256
2f4d1cc63aa3c8110086cb000d746252717917117f3ce5748d51a32ff422226d

SHA512
f1bac005f1fb3c9b00a830e2aa61a0c6a0654fb593ae3a5891addbefc511e80fec29811ae8c43692e0965edc13c82f61705ba9b32e9887e2c8494071d58b1e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe

Filesize
184KB

MD5
292e3b5fef59d3c6b897010f687ab34e

SHA1
26c1e97a998761a53ee1eef8620ce0419d02d33d

SHA256
ca9a7c108e9b372f5119847218620f7905c72b7a816396e5b35443846ca29870

SHA512
ddbbfa51fd903046466e0f86c19085be30798ea8a6984ce2b6a1dac3541d0e8b75184ec28456750ef62f959c06d7d8cb35a08fb859665200cbeb18de1a5ebf32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50552.exe

Filesize
184KB

MD5
a9b5766a0723803260d6f9883c382c8c

SHA1
ebefee6b8d3eef38c48a98d8d600f55cbbbb3de4

SHA256
aad79213ff0e2ffbb53ca88b40fed9f6d8db4417266f6343b497f5f839090260

SHA512
24744de67f339b181258a7efe00b8a52c679f8fcf5a6600147efebec8016ae26630fd2c40419b67a1e845e5815b44a1bcc36298dc2ba5343ebe5a457a5473bc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe

Filesize
184KB

MD5
37f558a50af06f8d560a6947cf46381c

SHA1
27337ae2db96075ae506ecb4996a5dbaecc662e9

SHA256
3d9a60b61a56d55c50f6a4290cdd61d7e0d6414b8c71d26beb3fc8ccc0a6d58f

SHA512
1b6edb2e9260e3710af438660a8f3e493ca22f6561ea63d2bb040cb238313a84810c4e4ce53abfaedf119a26d974ca40a89f6a16c5217f75223947e1bec2661c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53887.exe

Filesize
184KB

MD5
8630bdba86bfa99e9edc612d7ed559b6

SHA1
ed47c81ab05c5e4f721cdbdfbc341b62c8f265b7

SHA256
876e763e09258b84fd8a446f200aeaaa1f8eacedfad2de458a2ef9c7f0a99efd

SHA512
d7d83c90e6d960fa83fc6984676e4ee3d0c739d319d9ffea4e0f1d9863eea3caf9e61dc04656eedff391465b914cc1d496529f43af4f953e6693f86183776c02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe

Filesize
184KB

MD5
802ac26576554497e384e87712c88081

SHA1
fcd686ee944851a290f5910d1aa89b43edc1a4ba

SHA256
cf400b079695e5ebe7adc3f9be5a8bf58ff8ea0717c4eb73a0d56c6946ff7cc5

SHA512
43809ba621c60ea804083b273011a12ca5a0fef50ce87993882113a40bdcd539f173de6b10e93420f328ccdb3fa0291486a0975fca44c0a96cdfca6067910e48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe

Filesize
184KB

MD5
57a44bfe14ce566d0f88d5ff670dd6ef

SHA1
154684de5cf2504a18a81f053a1290f1e6442c5b

SHA256
264987b0a08f097188d6b7c1837b66a10793a5027773d369d26e5b525b21a80a

SHA512
23ed5f3d05f8bcf2ac52739d6f5e94861e676110b61c500adc39de6cc02172e57109de65692d06cf23571c3f8a26731d2e31f84e0da4505cfdf5dac3111cde05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe

Filesize
184KB

MD5
4df5fcbe1c1ee09faeea7c1c230b7f2d

SHA1
e35caa89739eb4befd88020a9181f1fd57b8b7a0

SHA256
d618970406d3842a4e4168087a02135d035b00ebb2a692a468ae79841f8c1292

SHA512
a4c89b94095cce225ecebaf17c19bbf5c7bfa8bc9193f7cd938a515d5c139fb3d354fb42ead4de4e42118b8c14b0942559fcd38a04ce017b6b551e2b9e8df24e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe

Filesize
184KB

MD5
0411a19ca963fe274072ecf131a472c1

SHA1
c670c28934d9fd53492ce5f6033e9533a18c5737

SHA256
7039ff33db78669092c64ad8b8485d0389e862bb229fe713af690af5f236bbc5

SHA512
eed105054798a9d88801de98c53f7316e4fd2d0704b9080009d251319f1c7d4c19c0f7f61c3ef7501ea8eabc3fb89344d2ac9d0262e6485019bb1c4463a82e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe

Filesize
184KB

MD5
bd0289482419fb69f39c3e00455f93bd

SHA1
301bb8f7dae1c496e53c0a04d1d7099aa2dc8d93

SHA256
97ae54013a629483071637f755b68d7d7dc8a03390fb7e3adde373d49dc95cb3

SHA512
e26de252fe9fcc39bfbc4bc9a8d8c5f90b5989cdb57f2ac1fe97def1fcc456f7cd9e7105af02645ac89dd834f70b1a65bc0b0f71b3836daf99a2a02d2fe9c550

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe

Filesize
184KB

MD5
cc57166a3db54239df3ed826bcb673ad

SHA1
5c24de117cf9c0b8eb55b2d1d49800b967977885

SHA256
3ab2f5140fbf18e708a4053f5b669fbbac51504c358778310d594671d42eb0e3

SHA512
75ad8392a93c1583b48d17d174d32c2759bb88d1496447057649840be2490d38cacf618e37545e6d84cf10671b601f3089639b98645498864ba2eb4b45058f7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe

Filesize
184KB

MD5
949c597d3b78b699a74a4f183e4f1f38

SHA1
24185fcc3e7440744b3f9b63722d74683689d65f

SHA256
36069475e4bb361402ccaf958250c55089e62a2ae34aca7698f9fdebab52c676

SHA512
e9cdc81e836655c41ca3883705738a0a41a1fe177aa9d222cee8644070119ae7e9cddf634ca3195f8a5e00fcae8d5399e06af4a8531f39da71ccae302dd266cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe

Filesize
184KB

MD5
3c65e643b49c32b9c6d1f0a77bcbca88

SHA1
fb0bbae46d7c4c11b47d33971dd9676819e7f168

SHA256
82e79e0399ff5ba0867ed93d3926b5a232e9722c9ed45e9eda17fc25b95ce8ad

SHA512
5bc5e25d1ec07c93a7ef8ff52ec4c80499b751f388d51e1463951ad1141832b8279e113fe4e5cff4b2dd431464ea3e1a300e9b4d232805666e7ecfe582b0d799

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe

Filesize
184KB

MD5
010d2336d6c21fe1064aef2bdedede7d

SHA1
0094b7902048a39e5b014cc1dfdf1a338feeba7f

SHA256
a602c4d8e0631551e29585e7496394d584307662cd9d21bc74178d8525c0d6ad

SHA512
5901fd38d38cc2e1c2ed7bbd67891fd86deef125fae85583a58d66f2ed1f2dad26cc0db4816ba41e475aef2c52a692b439f2945a3d95db7f660340ef2e4250af

Download Submit
memory/5908-3227-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16864-3197-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads