3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d

Analysis

max time kernel
146s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 20:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d.exe
Size

184KB
MD5

fd23cbfe18a336c0f9430e8d45e73691
SHA1

b1bb7dfecb4967ebf4504491dd3c41331001a2fb
SHA256

3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d
SHA512

ea06cbbb1ec9b1ece738ad3bbf560066cefb5a22e0d3fa33c0e1a852f3bd445dcb8612e945bdbf8f9241983b5ca8faa713073127833e1f6b7b5ba7b143c1273a
SSDEEP

3072:E/B6v+o0QHUHde1Okd58PLVZlvnqnviA4:E/doq9e1f8TVZlPqnviA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3900	Unicorn-63374.exe
4896	Unicorn-46052.exe
4564	Unicorn-22102.exe
2888	Unicorn-19192.exe
4316	Unicorn-60779.exe
4724	Unicorn-11023.exe
1736	Unicorn-35620.exe
1684	Unicorn-65268.exe
4604	Unicorn-6508.exe
3724	Unicorn-57100.exe
2252	Unicorn-14021.exe
4932	Unicorn-46794.exe
1724	Unicorn-42445.exe
4528	Unicorn-46794.exe
376	Unicorn-51433.exe
2196	Unicorn-51898.exe
2208	Unicorn-53221.exe
3944	Unicorn-32054.exe
4436	Unicorn-54512.exe
556	Unicorn-60642.exe
4128	Unicorn-1882.exe
5004	Unicorn-11441.exe
1336	Unicorn-7357.exe
3892	Unicorn-34000.exe
1408	Unicorn-55796.exe
1788	Unicorn-3273.exe
220	Unicorn-7912.exe
4392	Unicorn-3008.exe
5108	Unicorn-17563.exe
388	Unicorn-3828.exe
4804	Unicorn-27778.exe
60	Unicorn-25038.exe
4424	Unicorn-1088.exe
4452	Unicorn-45458.exe
3956	Unicorn-433.exe
1364	Unicorn-53434.exe
3592	Unicorn-11778.exe
4364	Unicorn-17254.exe
408	Unicorn-2598.exe
4304	Unicorn-12977.exe
3632	Unicorn-46397.exe
3192	Unicorn-10839.exe
2288	Unicorn-31351.exe
4740	Unicorn-19008.exe
3660	Unicorn-44280.exe
3508	Unicorn-55141.exe
1720	Unicorn-1301.exe
968	Unicorn-46973.exe
2272	Unicorn-52448.exe
2176	Unicorn-1201.exe
1852	Unicorn-64700.exe
3780	Unicorn-52183.exe
3176	Unicorn-50310.exe
1020	Unicorn-13361.exe
2004	Unicorn-3802.exe
2552	Unicorn-44088.exe
3212	Unicorn-347.exe
3412	Unicorn-20138.exe
1308	Unicorn-4232.exe
2316	Unicorn-20138.exe
4116	Unicorn-35920.exe
8	Unicorn-29789.exe
3936	Unicorn-20522.exe
2752	Unicorn-15884.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
2188	1852	WerFault.exe	134
6368	5700	WerFault.exe	218
7116	5700	WerFault.exe	218
7852	5432	WerFault.exe	210
9088	6336	WerFault.exe	259
10012	6344	WerFault.exe	260
10280	6352	WerFault.exe	261
11620	7064	WerFault.exe	319

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	7060	dwm.exe
Token: SeChangeNotifyPrivilege	7060	dwm.exe
Token: 33	7060	dwm.exe
Token: SeIncBasePriorityPrivilege	7060	dwm.exe
Token: SeCreateGlobalPrivilege	9272	Process not Found
Token: SeChangeNotifyPrivilege	9272	Process not Found
Token: 33	9272	Process not Found
Token: SeIncBasePriorityPrivilege	9272	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1944	3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d.exe
3900	Unicorn-63374.exe
4896	Unicorn-46052.exe
4564	Unicorn-22102.exe
2888	Unicorn-19192.exe
4316	Unicorn-60779.exe
4724	Unicorn-11023.exe
1736	Unicorn-35620.exe
1684	Unicorn-65268.exe
4604	Unicorn-6508.exe
3724	Unicorn-57100.exe
2252	Unicorn-14021.exe
376	Unicorn-51433.exe
1724	Unicorn-42445.exe
4528	Unicorn-46794.exe
4932	Unicorn-46794.exe
2196	Unicorn-51898.exe
2208	Unicorn-53221.exe
3944	Unicorn-32054.exe
4436	Unicorn-54512.exe
556	Unicorn-60642.exe
4128	Unicorn-1882.exe
1336	Unicorn-7357.exe
5004	Unicorn-11441.exe
5108	Unicorn-17563.exe
220	Unicorn-7912.exe
1408	Unicorn-55796.exe
3892	Unicorn-34000.exe
1788	Unicorn-3273.exe
388	Unicorn-3828.exe
4804	Unicorn-27778.exe
4392	Unicorn-3008.exe
60	Unicorn-25038.exe
4424	Unicorn-1088.exe
4452	Unicorn-45458.exe
3956	Unicorn-433.exe
1364	Unicorn-53434.exe
3592	Unicorn-11778.exe
4364	Unicorn-17254.exe
408	Unicorn-2598.exe
4304	Unicorn-12977.exe
3632	Unicorn-46397.exe
3192	Unicorn-10839.exe
2288	Unicorn-31351.exe
4740	Unicorn-19008.exe
3660	Unicorn-44280.exe
968	Unicorn-46973.exe
3508	Unicorn-55141.exe
2272	Unicorn-52448.exe
1852	Unicorn-64700.exe
2176	Unicorn-1201.exe
3780	Unicorn-52183.exe
3176	Unicorn-50310.exe
1020	Unicorn-13361.exe
2004	Unicorn-3802.exe
1308	Unicorn-4232.exe
2552	Unicorn-44088.exe
3212	Unicorn-347.exe
3412	Unicorn-20138.exe
2316	Unicorn-20138.exe
4116	Unicorn-35920.exe
8	Unicorn-29789.exe
2752	Unicorn-15884.exe
916	Unicorn-52640.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 3900	1944	3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d.exe	83
PID 1944 wrote to memory of 3900	1944	3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d.exe	83
PID 1944 wrote to memory of 3900	1944	3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d.exe	83
PID 3900 wrote to memory of 4896	3900	Unicorn-63374.exe	84
PID 3900 wrote to memory of 4896	3900	Unicorn-63374.exe	84
PID 3900 wrote to memory of 4896	3900	Unicorn-63374.exe	84
PID 1944 wrote to memory of 4564	1944	3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d.exe	85
PID 1944 wrote to memory of 4564	1944	3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d.exe	85
PID 1944 wrote to memory of 4564	1944	3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d.exe	85
PID 4896 wrote to memory of 2888	4896	Unicorn-46052.exe	86
PID 4896 wrote to memory of 2888	4896	Unicorn-46052.exe	86
PID 4896 wrote to memory of 2888	4896	Unicorn-46052.exe	86
PID 3900 wrote to memory of 4316	3900	Unicorn-63374.exe	87
PID 3900 wrote to memory of 4316	3900	Unicorn-63374.exe	87
PID 3900 wrote to memory of 4316	3900	Unicorn-63374.exe	87
PID 4564 wrote to memory of 4724	4564	Unicorn-22102.exe	88
PID 4564 wrote to memory of 4724	4564	Unicorn-22102.exe	88
PID 4564 wrote to memory of 4724	4564	Unicorn-22102.exe	88
PID 1944 wrote to memory of 1736	1944	3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d.exe	89
PID 1944 wrote to memory of 1736	1944	3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d.exe	89
PID 1944 wrote to memory of 1736	1944	3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d.exe	89
PID 2888 wrote to memory of 1684	2888	Unicorn-19192.exe	90
PID 2888 wrote to memory of 1684	2888	Unicorn-19192.exe	90
PID 2888 wrote to memory of 1684	2888	Unicorn-19192.exe	90
PID 4896 wrote to memory of 4604	4896	Unicorn-46052.exe	91
PID 4896 wrote to memory of 4604	4896	Unicorn-46052.exe	91
PID 4896 wrote to memory of 4604	4896	Unicorn-46052.exe	91
PID 4316 wrote to memory of 3724	4316	Unicorn-60779.exe	92
PID 4316 wrote to memory of 3724	4316	Unicorn-60779.exe	92
PID 4316 wrote to memory of 3724	4316	Unicorn-60779.exe	92
PID 3900 wrote to memory of 2252	3900	Unicorn-63374.exe	93
PID 3900 wrote to memory of 2252	3900	Unicorn-63374.exe	93
PID 3900 wrote to memory of 2252	3900	Unicorn-63374.exe	93
PID 4724 wrote to memory of 4932	4724	Unicorn-11023.exe	94
PID 4724 wrote to memory of 4932	4724	Unicorn-11023.exe	94
PID 4724 wrote to memory of 4932	4724	Unicorn-11023.exe	94
PID 1944 wrote to memory of 1724	1944	3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d.exe	96
PID 1944 wrote to memory of 1724	1944	3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d.exe	96
PID 1944 wrote to memory of 1724	1944	3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d.exe	96
PID 1736 wrote to memory of 4528	1736	Unicorn-35620.exe	95
PID 1736 wrote to memory of 4528	1736	Unicorn-35620.exe	95
PID 1736 wrote to memory of 4528	1736	Unicorn-35620.exe	95
PID 4564 wrote to memory of 376	4564	Unicorn-22102.exe	97
PID 4564 wrote to memory of 376	4564	Unicorn-22102.exe	97
PID 4564 wrote to memory of 376	4564	Unicorn-22102.exe	97
PID 1684 wrote to memory of 2196	1684	Unicorn-65268.exe	98
PID 1684 wrote to memory of 2196	1684	Unicorn-65268.exe	98
PID 1684 wrote to memory of 2196	1684	Unicorn-65268.exe	98
PID 2888 wrote to memory of 2208	2888	Unicorn-19192.exe	99
PID 2888 wrote to memory of 2208	2888	Unicorn-19192.exe	99
PID 2888 wrote to memory of 2208	2888	Unicorn-19192.exe	99
PID 4604 wrote to memory of 3944	4604	Unicorn-6508.exe	100
PID 4604 wrote to memory of 3944	4604	Unicorn-6508.exe	100
PID 4604 wrote to memory of 3944	4604	Unicorn-6508.exe	100
PID 4896 wrote to memory of 4436	4896	Unicorn-46052.exe	101
PID 4896 wrote to memory of 4436	4896	Unicorn-46052.exe	101
PID 4896 wrote to memory of 4436	4896	Unicorn-46052.exe	101
PID 3724 wrote to memory of 556	3724	Unicorn-57100.exe	102
PID 3724 wrote to memory of 556	3724	Unicorn-57100.exe	102
PID 3724 wrote to memory of 556	3724	Unicorn-57100.exe	102
PID 4316 wrote to memory of 4128	4316	Unicorn-60779.exe	103
PID 4316 wrote to memory of 4128	4316	Unicorn-60779.exe	103
PID 4316 wrote to memory of 4128	4316	Unicorn-60779.exe	103
PID 1724 wrote to memory of 5004	1724	Unicorn-42445.exe	104

C:\Users\Admin\AppData\Local\Temp\3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d.exe
"C:\Users\Admin\AppData\Local\Temp\3041d778c44a1711aefab8fcd8535b7f9fc9c1e797f2ed69e0c4018bcf7d299d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46052.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19192.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51898.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        9⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
        10⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        11⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        11⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        11⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        11⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38986.exe
        10⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45810.exe
        10⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39117.exe
        10⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        9⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        10⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
        10⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        9⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        9⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
        9⤵
        
        PID:16936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
        9⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        9⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        9⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
        9⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
        8⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        8⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe
        8⤵
        
        PID:16564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20522.exe
        7⤵
        Executes dropped EXE
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42884.exe
        8⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
        9⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32018.exe
        10⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        10⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        10⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
        10⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        9⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
        9⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
        9⤵
        
        PID:16664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
        8⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12251.exe
        9⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        9⤵
        
        PID:18040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
        9⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35208.exe
        8⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34161.exe
        8⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
        8⤵
        
        PID:16832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6039.exe
        8⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
        8⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        8⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe
        8⤵
        
        PID:18340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
        7⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4274.exe
        7⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        7⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1088.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
        8⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        9⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        10⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
        10⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61007.exe
        10⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
        9⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        9⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16803.exe
        9⤵
        
        PID:17424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64155.exe
        8⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16424.exe
        9⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe
        9⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        9⤵
        
        PID:18284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12047.exe
        8⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        8⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6689.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        7⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
        8⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        8⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
        8⤵
        
        PID:16708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-435.exe
        8⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        7⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        7⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10477.exe
        7⤵
        
        PID:15888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        7⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        6⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65058.exe
        7⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        8⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        8⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
        8⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
        7⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49764.exe
        7⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        7⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49860.exe
        7⤵
        
        PID:18244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
        6⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe
        7⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        7⤵
        
        PID:16640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
        7⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
        6⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53371.exe
        6⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        6⤵
        
        PID:15080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
        6⤵
        
        PID:17768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        8⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19880.exe
        9⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        10⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22510.exe
        10⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13957.exe
        10⤵
        
        PID:17940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        10⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
        9⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4585.exe
        9⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
        9⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14328.exe
        9⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        8⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        8⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7518.exe
        8⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
        8⤵
        
        PID:16884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe
        7⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
        8⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34954.exe
        8⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
        7⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        7⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58334.exe
        7⤵
        
        PID:15028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        7⤵
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26552.exe
        6⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65250.exe
        7⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 720
        8⤵
        Program crash
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        8⤵
        
        PID:14436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        8⤵
        
        PID:18048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
        8⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50558.exe
        7⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
        7⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
        7⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
        7⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13277.exe
        7⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53223.exe
        7⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        6⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9510.exe
        6⤵
        
        PID:14684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16539.exe
        6⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-433.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        6⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe
        7⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
        8⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        9⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        9⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34569.exe
        9⤵
        
        PID:18296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        8⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        8⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
        8⤵
        
        PID:17476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
        7⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
        7⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        7⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
        7⤵
        
        PID:16784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        7⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14150.exe
        7⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        7⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        6⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        6⤵
        
        PID:11732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
        6⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
        6⤵
        
        PID:18380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4936.exe
        6⤵
        
        PID:17472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37985.exe
        5⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15666.exe
        6⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
        7⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
        7⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        7⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59879.exe
        6⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        6⤵
        
        PID:9872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26761.exe
        6⤵
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17213.exe
        6⤵
        
        PID:17376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17773.exe
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6439.exe
        6⤵
        
        PID:12704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50435.exe
        6⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        5⤵
        
        PID:7344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
        5⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33249.exe
        5⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
        5⤵
        
        PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
        7⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28868.exe
        10⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
        10⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        10⤵
        
        PID:17692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
        9⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29091.exe
        9⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5729.exe
        9⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18270.exe
        8⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
        8⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
        8⤵
        
        PID:13504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
        8⤵
        
        PID:16988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65240.exe
        8⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        8⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23111.exe
        8⤵
        
        PID:17152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        8⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44808.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        7⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        7⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
        7⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47741.exe
        6⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42878.exe
        8⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25197.exe
        8⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        8⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12574.exe
        8⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        7⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        7⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
        7⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
        6⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
        7⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe
        7⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        7⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37714.exe
        6⤵
        
        PID:15052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
        6⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11778.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
        6⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42884.exe
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28598.exe
        8⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
        8⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
        8⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13104.exe
        8⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3278.exe
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10896.exe
        7⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        7⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
        7⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        7⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        6⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13019.exe
        7⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
        7⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21212.exe
        7⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
        6⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe
        6⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        6⤵
        
        PID:15348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
        5⤵
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        6⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        8⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        8⤵
        
        PID:17488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
        7⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        7⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
        7⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        7⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31787.exe
        6⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25469.exe
        6⤵
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        6⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe
        6⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        6⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        6⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42008.exe
        5⤵
        
        PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe
        5⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58864.exe
        5⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        5⤵
        
        PID:16636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16268.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44986.exe
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42106.exe
        8⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54223.exe
        8⤵
        
        PID:14208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21959.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        7⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        7⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        7⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
        7⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33891.exe
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22397.exe
        6⤵
        
        PID:13024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
        6⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55717.exe
        5⤵
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1659.exe
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42988.exe
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        8⤵
        
        PID:17116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32354.exe
        7⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26925.exe
        7⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        7⤵
        
        PID:16960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
        6⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7963.exe
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        6⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
        6⤵
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55384.exe
        5⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51644.exe
        6⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        6⤵
        
        PID:13356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
        6⤵
        
        PID:16848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
        5⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21274.exe
        5⤵
        
        PID:12576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        5⤵
        
        PID:15304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        5⤵
        
        PID:8240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2598.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        5⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64975.exe
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9137.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        7⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        7⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        7⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        6⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        6⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
        6⤵
        
        PID:15164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
        6⤵
        
        PID:17980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36766.exe
        6⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
        6⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        6⤵
        
        PID:14344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16803.exe
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        5⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
        5⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37145.exe
        5⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe
        5⤵
        
        PID:17356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
      4⤵
      PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        5⤵
        
        PID:6352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 604
        6⤵
        Program crash
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
        5⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56397.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe
        5⤵
        
        PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49669.exe
        5⤵
        
        PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
      4⤵
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29750.exe
        5⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        5⤵
        
        PID:10468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        5⤵
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48027.exe
        5⤵
        
        PID:16676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65091.exe
        5⤵
        
        PID:7560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42538.exe
      4⤵
      PID:7904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
      4⤵
      PID:11632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57654.exe
      4⤵
      PID:14020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
      4⤵
      PID:18016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2261.exe
        7⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
        9⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34954.exe
        9⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        9⤵
        
        PID:17712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        9⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
        8⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15878.exe
        8⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        8⤵
        
        PID:16724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49215.exe
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        8⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        8⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        8⤵
        
        PID:18152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
        7⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        7⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1877.exe
        7⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64845.exe
        6⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        8⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        8⤵
        
        PID:14392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        8⤵
        
        PID:17720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        7⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        7⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        7⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36687.exe
        7⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48368.exe
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9345.exe
        7⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        7⤵
        
        PID:16916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        6⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        6⤵
        
        PID:12300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
        6⤵
        
        PID:16140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        6⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55141.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        7⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4585.exe
        7⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        7⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64102.exe
        6⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        6⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19344.exe
        6⤵
        
        PID:16820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17572.exe
        6⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
        5⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27664.exe
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19636.exe
        7⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        7⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65410.exe
        7⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
        7⤵
        
        PID:17924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13138.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        6⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        6⤵
        
        PID:15036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
        6⤵
        
        PID:18256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
        6⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60455.exe
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55126.exe
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        6⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        6⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        6⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
        5⤵
        
        PID:8500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
        5⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29290.exe
        5⤵
        
        PID:16096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30006.exe
        5⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2575.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10839.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
        6⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        8⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        8⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        8⤵
        
        PID:15844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
        8⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
        7⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7169.exe
        7⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62915.exe
        7⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33907.exe
        7⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42682.exe
        7⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        7⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        7⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        6⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63622.exe
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        6⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13104.exe
        6⤵
        
        PID:10832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21866.exe
        5⤵
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        7⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61623.exe
        7⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
        7⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
        7⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53439.exe
        6⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
        6⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
        6⤵
        
        PID:15152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        6⤵
        
        PID:17688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48368.exe
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        6⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22214.exe
        6⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2395.exe
        6⤵
        
        PID:15216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        6⤵
        
        PID:17448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49139.exe
        6⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        5⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        5⤵
        
        PID:11592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
        5⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62949.exe
        5⤵
        
        PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
        5⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35448.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
        7⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53813.exe
        7⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42546.exe
        7⤵
        
        PID:18156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        7⤵
        
        PID:18184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        6⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37093.exe
        6⤵
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
        6⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
        5⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe
        6⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
        6⤵
        
        PID:15760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56923.exe
        6⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13889.exe
        5⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        5⤵
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21961.exe
        5⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11726.exe
        5⤵
        
        PID:18036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57837.exe
        5⤵
        
        PID:8976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
      4⤵
      PID:516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
        6⤵
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64799.exe
        6⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29380.exe
        6⤵
        
        PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        5⤵
        
        PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
        5⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
        5⤵
        
        PID:736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28868.exe
        5⤵
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        5⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21549.exe
        5⤵
        
        PID:17772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20174.exe
      4⤵
      PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55589.exe
      4⤵
      PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
      4⤵
      PID:16212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14021.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12977.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16076.exe
        6⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        7⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 596
        8⤵
        Program crash
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
        7⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        7⤵
        
        PID:18400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        6⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12837.exe
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        7⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        7⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        7⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
        6⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58334.exe
        6⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41876.exe
        6⤵
        
        PID:17636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48125.exe
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        7⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        7⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34862.exe
        7⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
        6⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14093.exe
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        6⤵
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        6⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        6⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16786.exe
        5⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        5⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        5⤵
        
        PID:15936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        5⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exe
        7⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
        7⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe
        7⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        6⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37093.exe
        6⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
        6⤵
        
        PID:15384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1493.exe
        6⤵
        
        PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        6⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        6⤵
        
        PID:15884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe
        6⤵
        
        PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44808.exe
        5⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        5⤵
        
        PID:15672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        5⤵
        
        PID:8548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
      4⤵
      PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44986.exe
        5⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        6⤵
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe
        6⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        6⤵
        
        PID:15820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
        6⤵
        
        PID:9300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        5⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        5⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27119.exe
        5⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        5⤵
        
        PID:18252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
        5⤵
        
        PID:9000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        5⤵
        
        PID:14652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        5⤵
        
        PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15905.exe
      4⤵
      PID:7008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe
      4⤵
      PID:11428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57302.exe
      4⤵
      PID:14724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe
      4⤵
      PID:5364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        5⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
        6⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
        6⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        6⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        6⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15338.exe
        5⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18077.exe
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        5⤵
        
        PID:13624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
        5⤵
        
        PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
      4⤵
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
        5⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        5⤵
        
        PID:13700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        5⤵
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12161.exe
      4⤵
      PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe
      4⤵
      PID:10376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63596.exe
      4⤵
      PID:12664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
      4⤵
      PID:17176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-347.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
      4⤵
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
        5⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
        5⤵
        
        PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        5⤵
        
        PID:14572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55499.exe
        5⤵
        
        PID:17452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
      4⤵
      PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
        5⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13460.exe
        5⤵
        
        PID:17044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-984.exe
        5⤵
        
        PID:10360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5249.exe
      4⤵
      PID:10096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
      4⤵
      PID:14220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
      4⤵
      PID:16628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12375.exe
      4⤵
      PID:18228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
    3⤵
    PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe
      4⤵
      PID:7348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
      4⤵
      PID:13184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
      4⤵
      PID:15896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
      4⤵
      PID:8696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
    3⤵
    PID:7372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48905.exe
    3⤵
    PID:12080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
    3⤵
    PID:15176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
    3⤵
    PID:4680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11023.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        6⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe
        7⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56688.exe
        8⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        7⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        7⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62915.exe
        7⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
        7⤵
        
        PID:17412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61990.exe
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        7⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        7⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61518.exe
        7⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
        7⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
        6⤵
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        6⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        6⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        6⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        7⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
        8⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        8⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43301.exe
        8⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63683.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33557.exe
        7⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43109.exe
        7⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56589.exe
        6⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35208.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
        6⤵
        
        PID:12984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
        6⤵
        
        PID:16872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25194.exe
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1130.exe
        6⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        6⤵
        
        PID:18260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33761.exe
        5⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31011.exe
        5⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24092.exe
        5⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
        5⤵
        
        PID:6968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7912.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3221.exe
        6⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13055.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
        8⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
        8⤵
        
        PID:16456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
        8⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        7⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
        7⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44545.exe
        7⤵
        
        PID:17084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
        6⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
        6⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64364.exe
        6⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
        6⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        5⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52552.exe
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
        7⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
        7⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
        7⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27144.exe
        6⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
        6⤵
        
        PID:11692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        6⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        6⤵
        
        PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21725.exe
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8473.exe
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
        6⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
        6⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
        5⤵
        
        PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
        5⤵
        
        PID:15376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14858.exe
        5⤵
        
        PID:8312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1201.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51846.exe
        5⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
        6⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
        7⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
        7⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        6⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        6⤵
        
        PID:11920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe
        6⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
        6⤵
        
        PID:18428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        6⤵
        
        PID:13972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42162.exe
        6⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
        5⤵
        
        PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
        5⤵
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
        5⤵
        
        PID:15880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
        5⤵
        
        PID:8636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61695.exe
      4⤵
      PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe
        6⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
        6⤵
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13957.exe
        6⤵
        
        PID:17960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        5⤵
        
        PID:16012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41484.exe
      4⤵
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
        5⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8198.exe
        5⤵
        
        PID:18232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4876.exe
        5⤵
        
        PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
      4⤵
      PID:8492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe
      4⤵
      PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
      4⤵
      PID:15872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
      4⤵
      PID:17752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51433.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44088.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        6⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51172.exe
        8⤵
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45775.exe
        8⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        8⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14097.exe
        7⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62443.exe
        7⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        7⤵
        
        PID:18368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        6⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35208.exe
        6⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
        6⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
        6⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
        5⤵
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        7⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        7⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21549.exe
        7⤵
        
        PID:17832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        7⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        6⤵
        
        PID:16964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8077.exe
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe
        5⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
        5⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        5⤵
        
        PID:16692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1955.exe
        6⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
        6⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
        6⤵
        
        PID:15684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26727.exe
        6⤵
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        5⤵
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35017.exe
        5⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27799.exe
        5⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27294.exe
        5⤵
        
        PID:18104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30752.exe
        5⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
        5⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        5⤵
        
        PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
      4⤵
      PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
      4⤵
      PID:10864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9510.exe
      4⤵
      PID:14592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35014.exe
      4⤵
      PID:17800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
      4⤵
      Executes dropped EXE
      PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
      4⤵
      PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        5⤵
        
        PID:6336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 632
        6⤵
        Program crash
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        5⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
        5⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe
        5⤵
        
        PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55510.exe
        5⤵
        
        PID:10552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22510.exe
        5⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26209.exe
        5⤵
        
        PID:18084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
        5⤵
        
        PID:8960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
      4⤵
      PID:7952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6891.exe
      4⤵
      PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
      4⤵
      PID:15192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe
      4⤵
      PID:17968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
      4⤵
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        6⤵
        
        PID:11188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
        6⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25633.exe
        6⤵
        
        PID:17704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        5⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27171.exe
        5⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32603.exe
        5⤵
        
        PID:9260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
      4⤵
      PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28868.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        5⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        5⤵
        
        PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        5⤵
        
        PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
      4⤵
      PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
      4⤵
      PID:11596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11053.exe
      4⤵
      PID:16160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
      4⤵
      PID:5132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
    3⤵
    PID:804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
      4⤵
      PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
        5⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
        5⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
        5⤵
        
        PID:18352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        5⤵
        
        PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28488.exe
      4⤵
      PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
      4⤵
      PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
      4⤵
      PID:15532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9860.exe
      4⤵
      PID:7624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
    3⤵
    PID:6212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42668.exe
    3⤵
    PID:9460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51749.exe
    3⤵
    PID:7876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30950.exe
    3⤵
    PID:16644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35620.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35620.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64700.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 488
        6⤵
        Program crash
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
        5⤵
        
        PID:5700
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 464
        6⤵
        Program crash
        
        PID:6368
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 464
        6⤵
        Program crash
        
        PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        5⤵
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        5⤵
        
        PID:11908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58334.exe
        5⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41876.exe
        5⤵
        
        PID:17460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19558.exe
        5⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
        6⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
        6⤵
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43542.exe
        5⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
        5⤵
        
        PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        5⤵
        
        PID:13572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        5⤵
        
        PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
        5⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
        5⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45810.exe
        5⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
        5⤵
        
        PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12382.exe
        5⤵
        
        PID:9688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12598.exe
      4⤵
      PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
        5⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49153.exe
        5⤵
        
        PID:14580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27579.exe
        5⤵
        
        PID:17824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6849.exe
        5⤵
        
        PID:18280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
      4⤵
      PID:9784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
      4⤵
      PID:12584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
      4⤵
      PID:16928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19558.exe
        5⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17550.exe
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exe
        7⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        7⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27771.exe
        7⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        7⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24404.exe
        6⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        6⤵
        
        PID:13176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        6⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        5⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
        6⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
        6⤵
        
        PID:16892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        6⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
        5⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
        5⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        5⤵
        
        PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
      4⤵
      PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51518.exe
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        5⤵
        
        PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41500.exe
        5⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        5⤵
        
        PID:17972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64268.exe
      4⤵
      PID:7600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
      4⤵
      PID:10740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
      4⤵
      PID:13768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
      4⤵
      PID:17036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2606.exe
      4⤵
      PID:8648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29789.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:8
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
      4⤵
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51950.exe
        5⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        5⤵
        
        PID:13688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
        5⤵
        
        PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
      4⤵
      PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5249.exe
      4⤵
      PID:9092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
      4⤵
      PID:14196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29465.exe
      4⤵
      PID:5028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
    3⤵
    PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
      4⤵
      PID:8152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
      4⤵
      PID:11088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
      4⤵
      PID:14472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60087.exe
      4⤵
      PID:17880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33263.exe
    3⤵
    PID:7180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-278.exe
    3⤵
    PID:11840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62948.exe
    3⤵
    PID:14956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14853.exe
    3⤵
    PID:1468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
        5⤵
        
        PID:224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43760.exe
        6⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        6⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27171.exe
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
        6⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55162.exe
        6⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30548.exe
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15053.exe
        6⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
        6⤵
        
        PID:15776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        5⤵
        
        PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39869.exe
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        5⤵
        
        PID:16372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        5⤵
        
        PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
      4⤵
      PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        6⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        6⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
        6⤵
        
        PID:16776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
        6⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
        5⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
        5⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
        5⤵
        
        PID:9696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52452.exe
      4⤵
      PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24784.exe
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        5⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        5⤵
        
        PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
      4⤵
      PID:7364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
      4⤵
      PID:13272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
      4⤵
      PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4936.exe
      4⤵
      PID:15540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
      4⤵
      PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13797.exe
        6⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
        6⤵
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16401.exe
        6⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42189.exe
        6⤵
        
        PID:18192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57307.exe
        6⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        5⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        5⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
        5⤵
        
        PID:18080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        5⤵
        
        PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30548.exe
      4⤵
      PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        5⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
        5⤵
        
        PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36221.exe
      4⤵
      PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30757.exe
      4⤵
      PID:12732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
      4⤵
      PID:15272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
    3⤵
    PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
      4⤵
      PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
      4⤵
      PID:8416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
      4⤵
      PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
      4⤵
      PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61384.exe
      4⤵
      PID:9708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29729.exe
    3⤵
    PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61758.exe
      4⤵
      PID:10028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
      4⤵
      PID:13336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59100.exe
      4⤵
      PID:17100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
      4⤵
      PID:16196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51100.exe
    3⤵
    PID:8436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37226.exe
    3⤵
    PID:11680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe
    3⤵
    PID:16168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26887.exe
    3⤵
    PID:9156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55796.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55796.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35920.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1083.exe
      4⤵
      PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
      4⤵
      PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
      4⤵
      PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
      4⤵
      PID:13256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
      4⤵
      PID:14072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
    3⤵
    PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
      4⤵
      PID:7200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2204.exe
      4⤵
      PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-859.exe
      4⤵
      PID:13428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
      4⤵
      PID:16816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43080.exe
    3⤵
    PID:7588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
    3⤵
    PID:12068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
    3⤵
    PID:15168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
    3⤵
    PID:17348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58452.exe
    3⤵
    PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24352.exe
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13853.exe
        5⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31473.exe
        5⤵
        
        PID:18336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
      4⤵
      PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
      4⤵
      PID:12816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
      4⤵
      PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43109.exe
      4⤵
      PID:1068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34606.exe
    3⤵
    PID:7064
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 636
      4⤵
      Program crash
      PID:11620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
    3⤵
    PID:9884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
    3⤵
    PID:13400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
    3⤵
    PID:16948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
    3⤵
    PID:7636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
  2⤵
  PID:1852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
    3⤵
    PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
      4⤵
      PID:10572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30678.exe
      4⤵
      PID:14636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
      4⤵
      PID:17992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
    3⤵
    PID:9624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28295.exe
    3⤵
    PID:12764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
    3⤵
    PID:16976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
  2⤵
  PID:5388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
  2⤵
  PID:10132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
  2⤵
  PID:14088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
  2⤵
  PID:17336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
  2⤵
  PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1852 -ip 1852
1⤵
PID:2520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 5700 -ip 5700
1⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5700 -ip 5700
1⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5432 -ip 5432
1⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6336 -ip 6336
1⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6344 -ip 6344
1⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6352 -ip 6352
1⤵
PID:10180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7064 -ip 7064
1⤵
PID:11296

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:7060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1088.exe

Filesize
184KB

MD5
c4306e3e9a3bdd127cab259c1e3eb089

SHA1
774a4ba989ed684a77c014fe96a8e3accc468c25

SHA256
504404abe1edf7f686916fa1a8e764504bc6b8b4b83b5366043474b86b67a513

SHA512
35e25d78fa2471a7a4d502002ad08a7a4caa644673a3fbc80d69dbf42af78e95037a828a1ede8b0ecd47f5120e728fa3e54a3de353068d57613fcd7a9e1fab12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11023.exe

Filesize
184KB

MD5
228251d741e5f396f03f0c754c51668a

SHA1
c26f8618b696cf426c7761ccceba318da09c1c2e

SHA256
d2c02f762bd4fa0b0e3c09a22ea4e777f949e50bb28c07aa87d7d83823fba412

SHA512
4c2a1e4a01cf0b8c56471d361b1e8db683bab832715d73b32097863c0e5dcd1190e9a4c87b6b7281c242270d04e021b6efc7570a9f38eb33e06e6c0d9699a06c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe

Filesize
184KB

MD5
42ece6dc9077fe21fc8aaf4ef74e48f6

SHA1
b53d24d01bc44b57aef7e0e6941ff8d12af3f163

SHA256
d97ef73a21b515fc9ac83c490cf0a8eaf3aa1583f0316819e40b18bb45485313

SHA512
e5a45e9e72d74e733beb8cef066683dba7c2ddf13233c4d0486c3c8558846490da0aa052c8ec9db3dab0b1df34db2a3d8fdf3306fdd7bbdccbf415c107dc1920

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14021.exe

Filesize
184KB

MD5
3e2218048470c746506e71892a23551b

SHA1
b6a9498caf55bab743857f4909d1cb31aef5d3a7

SHA256
73fdb1fd523705bf0cea6b06006cb55dee7d18ba4f86abc9bcf4a099ef41c115

SHA512
bca1f52474bfb2daf82b7ce49e87dffd79425788dd2acab867d71b5e32e0f20886c1bd386dffc2df9d97625f5c20cebeaf2d9bb254e0bb6284ae3cbfaac8e082

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe

Filesize
184KB

MD5
13db41755ebbfe59b4e4933ce8645614

SHA1
73494afdc648f27c93981f56ece72a0c6bab56f4

SHA256
48cc809d9391d520b972ba287e6592b2a3dd2ab3a95a140909a58ff0ab3af067

SHA512
71edf48e90a9376467dc06de78130b3e2408c7b7cea4bb5f4c5f2aa84d38dcf1d5273393d8436087698b8524eae04b6899cd9a130b08a2429d4c7843f2a68446

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe

Filesize
184KB

MD5
08dfe8ca4ba2d0a16a2045d933fcc327

SHA1
1c39ffff9fea58ec000a64d2e9ce947dfc32e99d

SHA256
3b740c184bd7af866d57100a264f70319b64df9f136dd584661dc0fc89942d0a

SHA512
0028ee1a91f1aab966ea056e5184df88035db988eaabe2df617095a1a989ebbdad05454f3b1cf0a9addfc7d1c0eaa5e46634fce0e15a7db283c39762f8a00520

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe

Filesize
184KB

MD5
c859089318c1b1146e53668e0c45c0f1

SHA1
2d34fb868cc298b8499c47ab01753b540fd75301

SHA256
dcead19f7be9f49c6c80d4a1ac3497c9a46e9a4bf8d5a203f61428105ba0c585

SHA512
5af75aea74d39ba328b13bf867dfb44d0304e2e36d088884a3d8bbd954cd5122f32c3ea5814884389f569a3170fec288c34d214280e4b234110d6c07c05c314f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19192.exe

Filesize
184KB

MD5
a748bd202adc7e1cc8be6dae2f57a4d0

SHA1
79d9cf63e13fd59d66ab311ac9e04f9e5ebe83d2

SHA256
1316ecce78340a9d0063e05fb8d58790c5b5b7b4e8ab9b3aa5b82c38ce911e0b

SHA512
c424f061aa946e5a4e9ef2afc9eba76667031ce6a2c847ccbc611ed04a83e70f44ec8576b8ecaff73150adbe99bb50ca9780bdafc35862211905921eae31276b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe

Filesize
184KB

MD5
0d3242509ed4430654909de041fe6a2c

SHA1
3ccb500558f202d1381c62b42de6c681cbec326f

SHA256
cde2b58cb8286def330a73c9d59bb593e9b3078dc0cd0ebe51619e6363008e2b

SHA512
e968f13e551a7215fbf089f980e8e423d84f33fdeed0a72258d41f053409919dfdd8693b35ea5ccbba5e8de2a602589c10c667080aaf84ffb311be7fb6772f92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe

Filesize
184KB

MD5
f8e9021b017d44b4f34dad8ac2bd7585

SHA1
9258123ca1f8caa1b660ca246cf223560773d8f8

SHA256
33fa17da712ec1d0f4e18ae440c2854666f671559b57744c9823f51abf25e298

SHA512
bf94a8341fa15075cd6f5bdda2e4a504bbe93017043a206ce2b941f8b340fe2db4d0daac9c440476f7d241cff75e3e0eb1b0ad6a4ef6d237f013208494578e26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe

Filesize
184KB

MD5
eb1cdc8ee1922ce68d457e08bce1a3f2

SHA1
d28fa7322095e4689c177b656dc5d4d99e1db321

SHA256
ad3f0c2b460474ea699e8eeda37cb6aabbb7f6fad7933dbd45910a9a8ee7bfe8

SHA512
ad41aa6b24877c04389e5d7b78c6819b09d65713203466a540b81fbbfe4a2322c8813250c2aa2220b87dc0820f4e56e6a41b375da80a43b68f450683152cde28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe

Filesize
184KB

MD5
9e5689f03146be479cca7bae9f758c8e

SHA1
3a68f9709e160f4d6cfa54e407edeaaf95d5bbd1

SHA256
4eddf195c87db5c88992bbb0ba9967a083f0d06269d0a01fae9ebd464cac81c4

SHA512
66690a2c2069b895aaf7464367341c231d0cc05ca191e4f93bafa2f6b0af4121114ecff433b450a358f6b1fee2e6ffd5b3b31a1ac99cf78c713f032c398e975d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30287.exe

Filesize
184KB

MD5
978df571198332321639c057280de507

SHA1
9f591745bc6899e6c5cd3031f643bea96e0554d2

SHA256
b14bb772b8fa7865fa461f2c722a0dd8ccd879067fbab4513b41a5a9d7d8f20c

SHA512
0edd8779d95c068fda5585bd422c989a22f640c096268ed69e144b57f7139c2f18db8c3e119aad9ed4eaa2c79b1e80d6a59dbb0fa51c55f4bca3e25c8c860cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe

Filesize
184KB

MD5
f229ef64ed0a20723cc272e7eb61b782

SHA1
22dd59037414a285fd3843e38fca4b93518b4397

SHA256
d9d5239e6f902969df8aa6562d5fcb3f83a933d4a9683178752640c4a009cd2d

SHA512
3ac930ec46dec6500033c6ee9f8d8aa18a189e28385282c931b450b38b90988263716964eb29d4651406f39694ab583723612e77c5d156be66194aceea61e178

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32603.exe

Filesize
184KB

MD5
9d2300fd8ae2cb627f0be578e5bda22a

SHA1
7270629e6009d1f69cdf34e383641b9c40d21a26

SHA256
7990ac386226e3b44c37062ddf830ba2ae8c9ba0528c7a20473f18c07cf2aa24

SHA512
20b5251f7a447e807ffe1da17426abb5d488db46cc5f7cfd4165bcd26e30f15bd715e8b7ae68e2e86b7319b89641a4299fd267cc6eee4cf0b23abf5e9570abd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe

Filesize
184KB

MD5
454f25ae1ff94650c72a79db54149a44

SHA1
5ecc1f4609f95e6aa62cceb7d6aafcced82b78e1

SHA256
f0a2b1d2e02053921cc6fca3c3f1cd5e623557df8b3640167731ce537e4bde2a

SHA512
14a4caf0f91a8d8aae019c83a1a13228ef00d925f65eadbb0215feb7d052d35465a1f30d62a22f3187e47c653642eac96e297520e5739d34ddf17272f2fab9e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe

Filesize
184KB

MD5
dd3efa1c66b5f62a9653373b8ca0e3e3

SHA1
0d2306b4ee6c173e7ca4eb793704d3e94a61d091

SHA256
51a3aa314393bb7d9182e010ad68af36fc4273fe266909743f22c819c5333480

SHA512
416ddd17248d4abdae0732ba0d9b32c8637cf0dfed6afc92da38b03f4096c433cf0d26ec812e0052df5ac5db1e03084c6845402025ca820a6a61efaf4448cf81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe

Filesize
184KB

MD5
b1834f50107e0a22e59f84cfe3a14d61

SHA1
96c3933c6203502d640c70e113aa403520901486

SHA256
36b9d46b91c665643a14f13c80c3e31735752bc6c5f32d23e424dc2ad339b215

SHA512
5428295ecd1929dea214a84c902b5acf0fa1d6a322b8b3837c2d92d2bd793180679446e23b6fe1896539a6585678ee7a0e8130e19f70c9640df7c61fcd76e027

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35620.exe

Filesize
184KB

MD5
df70d977676df5cc48045004b72f1deb

SHA1
f9ed46ffcae70e4a8c9fa131e8c26e07d8040df2

SHA256
a38a7b06f1d52c8c40ac60d243fe86758452a6e1a280f69bae0a2149b697fcab

SHA512
95145b39ca379573e47599d5522af140ee50444bc55725e7f46a8e1395f91b9feecf3fe7bcab273f7ef27bd017f8d7633b7bf9096fd215d493450c2b067d6e8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe

Filesize
184KB

MD5
24d37578e5d96b0fe9180f4df0b2a277

SHA1
42fc15033480d0f264dc5cfaeb3625466ab34909

SHA256
48fa1964c19f5afdbd4b2891a8c6e2dfa22bf2eb9332a468eaac4c18946229ec

SHA512
82c025952553c253c7e87767453ce912a1c9ee8be9b60bb3b59d1835bb193f9a3d80f158bc64a85e9f09180130745bc2ca51d4a5125ca2463f47ff9056edfa64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe

Filesize
184KB

MD5
32b6348ca4fda2b2f80fd1017c91b3ee

SHA1
746c528cfa467b00eece03923a2e9197b7e57393

SHA256
0326c4d99776d3804efc58a97567b38f42d20cac411dcda6e45c88a1d4480e5e

SHA512
5a7d85d81c19dcae7c3eb40a8ade1299ad51623a8ccf127f9128bcf51802c668bbaca7ec53f288316e833bf43bd50baa011f63c313ad02c542d6f6272b8ba9d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46052.exe

Filesize
184KB

MD5
7a951df300b3beea6d41f8911af37091

SHA1
2c1160256f9cab70b9135831a928a7f07216c446

SHA256
52de0dc217519509b320ef647310c0027562720c0431baab29b45df366c73243

SHA512
de49513d0176f0a27b9e187aead9ced1f99676d402d8cf2ac59b2764c9a27cd028a9b7cbb68865370a769a7d7e5670b1b6ca32358180170c4b1469f488dd98a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe

Filesize
184KB

MD5
a99d1fb184f049d3ebb436082bea37f7

SHA1
ce50d2bdbb1519f3ed5a559c577ec3febe0a55f9

SHA256
79377b419d376783d850284a3f4be792401442545acdd1d12f208492fc467459

SHA512
3174ed34516ea1e518abe50d490a567939a6ae39a4a15ae1a44b8db097954cd0f46941f1448778f37f68d366dd1cca897e7890aa6daf45cf58653e3878da3112

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51433.exe

Filesize
184KB

MD5
a719cb2b358f33525b53b02baf2b1b4b

SHA1
b6a4499fea6b9e39c4f5dc828d6326edb5b0c29e

SHA256
acc415f45791bf29275a750ba3575a846fce788808a9ba322df22273313a767d

SHA512
377c2cc0eeb16979283adb6ff3d444123f85c687f2727a9a7dab06c5d9f6268532178906d60e14606ff395c5f0e3dfe28ec43da6ee19587e9183943adcfa0ca5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51898.exe

Filesize
184KB

MD5
68f518903612e21b30eaf7b8d466fa36

SHA1
07910b5513c0d9da7ee3ef001e559f2dbc6d644b

SHA256
3615cb47dc53ef85b8e1521da8047d8578b60dc22cfdf5f0da7c1da01686632e

SHA512
9e7f7d15142e3cbdc933c7034bc1c0fb4fa5f22b5f7cf471489975cad01d717383d0e3b66f5f287816b68394f906edf673bef5336f5ebf18e767712ec62d9244

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe

Filesize
184KB

MD5
af97581e92157474f8f55289d6e1bfb0

SHA1
d324e0dc342e02b9ebe140ffa6ff1db061f8da25

SHA256
607fccbdc9e63d0266d3ca3616273cf6ce6cab086739a09eab1e1a68576fe66d

SHA512
a8f25f03497080e7e8f0151b53b00dd3de60de5f47890fc64da53e86164998c68a266cd1c881e7f005f7bd50e1b4af788eb4905bff1ff72acdf38dd841247b70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe

Filesize
184KB

MD5
dba0c446a08e5eb4efcda25cf81ea476

SHA1
afa8ece91f742585123b7183c9353536331823bb

SHA256
b027338f075312668450a2b2abbd7d91a3cbef705d12cd6c7fca8bae53857704

SHA512
eb0d077c673f3620b29b177f7fe7b54ea53bdb68bf0addac3d01e89788c446560eabbc9fe3360c4c86ea139850e64e82fae1d5a9074f3dc58b97b55ef22caa8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55796.exe

Filesize
184KB

MD5
980d2a67bfbc68d2602d53918e0a892e

SHA1
f63649a13e56257fc2f22041ed9590481ee4221d

SHA256
808b46e69daff3e87d252e8d80a66ea1cae1c14141d5e203065791fc150ac545

SHA512
b5f671acde4939ae2af815dcdcdb5da83897d0facaa2c694948fcd7844b870d8e8784ff6ec5de2919e48d507f0ab202d457c568429dc6d761259135cbea6ef99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe

Filesize
184KB

MD5
17cfffa82535a8ddae57573f2bd6b3d3

SHA1
43d360bba92962542b97564caa5d705141b11416

SHA256
5e3e32616e2c0f45fdb155af122f244513baf5a3ea64326659a7c704c7cd22f9

SHA512
eb01ef6753d1a0a72dec0364d0108c068fc468239d0742a5c26136aa97a566eafb32cd5a1b0591a103d9253c3f3865aba0f068f1ab0257a4a7031f7fa2f618b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe

Filesize
184KB

MD5
660ecf055560b01c55f48fbb07dd828e

SHA1
59a8ab6aaf4f3a203ba0074be14031e83e742702

SHA256
d11a383d21653c1eaf01fc5d79d043d1fa938067e53992dc06a9d753829c3f89

SHA512
eaa9f5627d509749d5c3f940b85c892414ecf126f24c506f355c00d91cf96a899b48ac5a78b0d5ef436fcb76d133bce5864db277200a1fed63625a01fa6d723f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe

Filesize
184KB

MD5
9808cebae25111a99e521bffa2ae859b

SHA1
3ff7eacc471489cd525c8eee50910c1288f33e5a

SHA256
cc615e8605b685b62e99d233384ad352e27519e1345a28cef074099cfd57558d

SHA512
79519dffeb2769970a583e24c87fa1259059c55124bb015e802c67fd63ee6b1d8348927ede3f3732368803819dd50eef221c892ba5415e9527183ec7b576cfa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe

Filesize
184KB

MD5
221c28aa2144e0efe1a40d1a117d1b88

SHA1
c17ca6228a445114b585b8545a771d3c3b61d5c3

SHA256
d4f42f9886dee52ed916e18f2d23085364a627274c0fdb752d687f6c090a79c9

SHA512
a6896c9c76b57bc6890b4169e7614b91aaa0c1046a2a21ac8f40b2b7adb174edff6fc775b751790d6a4905b9b3731512f1e2c6289c5f9c69a2f96b0e49dd72f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe

Filesize
184KB

MD5
da8994df2ca63ddade5e7ced549e8c53

SHA1
1091f6f383bd8d5f55b785507c7fef217845f332

SHA256
18a4bae0dbeaa8b9dda55f959e945c65d252a53e6246fa631cefac5b1f2aa806

SHA512
1575a2d23a39e9dcbe43ff675ab18c2b5cd3b2c85d916174bf8068e430efd6fe7316374b3e39a7afffdedb4cd094dd6394c636dd4b0b65bc4d804ded489d7029

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe

Filesize
184KB

MD5
ae9091e7a79308b5cf2d5f5d5ccf5ecc

SHA1
ce8a3c457774a3bd1c8120889f0ceb4c066affa8

SHA256
e05c955c141e0f9bf48d9f555e1718a0d44dc98e7862e0abbece7c565734fc0f

SHA512
aa29be0fc9720d97d5d8d3609ee1037219c2448f38688ad24c61d655ac0aabcc6ab53346ea90be2063b02b454c61a9c9c7383aed00b1d5f2c22070208ad68b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe

Filesize
184KB

MD5
ac2b634cf12ae28231f9feb22df8d6bb

SHA1
1071676de9bc31c3c48223cfd6e64665f399f185

SHA256
5a985d81132e7ccb1f0a75a80dedd8849b316beb2239bfa2c75c96c2dd48d2a9

SHA512
e7973526d7f041821aedd882db6b60c76d2d1d43fd405481aec6b33609f2399fad869678b6c28b31f3bfa854cfe9876a2f37bd231eb93ab1cd6bf88c24efdc35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe

Filesize
184KB

MD5
e6a818bbbbf6137044cc9effe85bd068

SHA1
f28baeae7950e85a8dc595264d1949472a99a568

SHA256
f4c1d3b62d1e80aa57c68eee76104efad8d814cadf9ec6f82dcf1967186d1a91

SHA512
3ba447e88ea537b9c0d9413748d10cce0efe82015c2ceeef7b684ad984aa8bc09db525de2c3f7c963a0ef8b657200b97786cfc100de813f1fc75b12e5e83b74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7912.exe

Filesize
184KB

MD5
dc09ac293994a0cfe0056630a0470183

SHA1
a18048161d5dc5c7a679c912fa844a34fc3bbbe9

SHA256
b855b68fc2c4f9bfd08e009c895e965a62f3c5e11407c4f3e1b915f8e62a7c62

SHA512
ac0d8584a258c3f5d640c54a5bb2f8f5c63113d2ffb47109ca8e22e0b3129d9c9e6b70dcb75fa9da41a2c7a07fd982e01c325da8163ba732bb949a37d3ab1e38

Download Submit
memory/1944-3692-0x0000000076CC0000-0x0000000076D7F000-memory.dmp

Filesize
764KB

Download
memory/13280-3619-0x00007FFE6FBB0000-0x00007FFE6FC09000-memory.dmp

Filesize
356KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads