72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33.exe
Size

184KB
MD5

7e2a6f3e65cd929c90646452981f41df
SHA1

66b80bc7abd929911ba1ffbb100c60e8bb60053e
SHA256

72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33
SHA512

19ca07a1c909de11cedef8829da248334398296a8f18b5af0a81f42f43facb45ceea6e6cb7463c6c5468758ffa3b114f3b4d2051f73d8338e59d24786892e22a
SSDEEP

3072:i2u6Q4o4BXt6Fopti4nCdNVClvnqnviuF:i2DoqOopBCHVClPqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4652	Unicorn-19556.exe
4388	Unicorn-45404.exe
3800	Unicorn-29622.exe
4032	Unicorn-22436.exe
4104	Unicorn-57246.exe
2000	Unicorn-10738.exe
5344	Unicorn-24473.exe
2484	Unicorn-31564.exe
4888	Unicorn-15782.exe
5624	Unicorn-9005.exe
4356	Unicorn-13089.exe
5620	Unicorn-13089.exe
5360	Unicorn-11235.exe
552	Unicorn-51911.exe
748	Unicorn-36394.exe
452	Unicorn-8559.exe
2176	Unicorn-27588.exe
5700	Unicorn-28980.exe
2092	Unicorn-61744.exe
2508	Unicorn-22950.exe
2728	Unicorn-57760.exe
244	Unicorn-61844.exe
2696	Unicorn-61844.exe
3304	Unicorn-31118.exe
3208	Unicorn-15336.exe
2592	Unicorn-35202.exe
4548	Unicorn-205.exe
3528	Unicorn-54807.exe
2084	Unicorn-3005.exe
3124	Unicorn-8870.exe
3684	Unicorn-58891.exe
3664	Unicorn-6587.exe
5180	Unicorn-29700.exe
2504	Unicorn-4449.exe
1628	Unicorn-37406.exe
3476	Unicorn-57542.exe
5516	Unicorn-45845.exe
1456	Unicorn-173.exe
5760	Unicorn-43079.exe
5952	Unicorn-49950.exe
5324	Unicorn-19224.exe
2140	Unicorn-7526.exe
3944	Unicorn-31476.exe
3672	Unicorn-31476.exe
6080	Unicorn-4833.exe
5008	Unicorn-9109.exe
404	Unicorn-24054.exe
448	Unicorn-43920.exe
4852	Unicorn-13193.exe
1860	Unicorn-17278.exe
4732	Unicorn-52088.exe
2496	Unicorn-15231.exe
5132	Unicorn-36306.exe
5000	Unicorn-5580.exe
1272	Unicorn-13748.exe
5980	Unicorn-27483.exe
4364	Unicorn-28767.exe
6056	Unicorn-37433.exe
3972	Unicorn-17832.exe
6060	Unicorn-12232.exe
5376	Unicorn-31567.exe
4928	Unicorn-9877.exe
5312	Unicorn-6348.exe
5920	Unicorn-38466.exe

Program crash 13 IoCs

pid	pid_target	Process	procid_target
6196	1456	WerFault.exe	122
7872	2860	WerFault.exe	156
8112	2732	WerFault.exe	158
8572	5992	WerFault.exe	157
8564	2872	WerFault.exe	162
9840	932	WerFault.exe	227
11220	6452	WerFault.exe	255
11212	4156	WerFault.exe	223
11612	6564	WerFault.exe	262
4440	3996	WerFault.exe	233
14496	13908	WerFault.exe	679
8060	16572	WerFault.exe	883
6700	16640	WerFault.exe	888

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	8016	dwm.exe
Token: SeChangeNotifyPrivilege	8016	dwm.exe
Token: 33	8016	dwm.exe
Token: SeIncBasePriorityPrivilege	8016	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1016	72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33.exe
4652	Unicorn-19556.exe
4388	Unicorn-45404.exe
3800	Unicorn-29622.exe
4032	Unicorn-22436.exe
2000	Unicorn-10738.exe
4104	Unicorn-57246.exe
5344	Unicorn-24473.exe
2484	Unicorn-31564.exe
4888	Unicorn-15782.exe
4356	Unicorn-13089.exe
552	Unicorn-51911.exe
748	Unicorn-36394.exe
5620	Unicorn-13089.exe
5624	Unicorn-9005.exe
5360	Unicorn-11235.exe
452	Unicorn-8559.exe
2176	Unicorn-27588.exe
5700	Unicorn-28980.exe
2092	Unicorn-61744.exe
2508	Unicorn-22950.exe
244	Unicorn-61844.exe
2728	Unicorn-57760.exe
2592	Unicorn-35202.exe
3208	Unicorn-15336.exe
2696	Unicorn-61844.exe
2084	Unicorn-3005.exe
3124	Unicorn-8870.exe
3528	Unicorn-54807.exe
4548	Unicorn-205.exe
3304	Unicorn-31118.exe
3684	Unicorn-58891.exe
3664	Unicorn-6587.exe
5180	Unicorn-29700.exe
2504	Unicorn-4449.exe
1628	Unicorn-37406.exe
3476	Unicorn-57542.exe
1456	Unicorn-173.exe
5516	Unicorn-45845.exe
5760	Unicorn-43079.exe
5952	Unicorn-49950.exe
5324	Unicorn-19224.exe
2140	Unicorn-7526.exe
3672	Unicorn-31476.exe
3944	Unicorn-31476.exe
404	Unicorn-24054.exe
1860	Unicorn-17278.exe
5008	Unicorn-9109.exe
6080	Unicorn-4833.exe
2496	Unicorn-15231.exe
4852	Unicorn-13193.exe
5132	Unicorn-36306.exe
448	Unicorn-43920.exe
5980	Unicorn-27483.exe
5000	Unicorn-5580.exe
6056	Unicorn-37433.exe
6060	Unicorn-12232.exe
4732	Unicorn-52088.exe
4364	Unicorn-28767.exe
3972	Unicorn-17832.exe
1272	Unicorn-13748.exe
5376	Unicorn-31567.exe
5972	Unicorn-40312.exe
4928	Unicorn-9877.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 4652	1016	72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33.exe	85
PID 1016 wrote to memory of 4652	1016	72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33.exe	85
PID 1016 wrote to memory of 4652	1016	72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33.exe	85
PID 4652 wrote to memory of 4388	4652	Unicorn-19556.exe	86
PID 4652 wrote to memory of 4388	4652	Unicorn-19556.exe	86
PID 4652 wrote to memory of 4388	4652	Unicorn-19556.exe	86
PID 1016 wrote to memory of 3800	1016	72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33.exe	87
PID 1016 wrote to memory of 3800	1016	72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33.exe	87
PID 1016 wrote to memory of 3800	1016	72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33.exe	87
PID 4388 wrote to memory of 4032	4388	Unicorn-45404.exe	88
PID 4388 wrote to memory of 4032	4388	Unicorn-45404.exe	88
PID 4388 wrote to memory of 4032	4388	Unicorn-45404.exe	88
PID 3800 wrote to memory of 4104	3800	Unicorn-29622.exe	89
PID 3800 wrote to memory of 4104	3800	Unicorn-29622.exe	89
PID 3800 wrote to memory of 4104	3800	Unicorn-29622.exe	89
PID 4652 wrote to memory of 2000	4652	Unicorn-19556.exe	90
PID 4652 wrote to memory of 2000	4652	Unicorn-19556.exe	90
PID 4652 wrote to memory of 2000	4652	Unicorn-19556.exe	90
PID 1016 wrote to memory of 5344	1016	72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33.exe	91
PID 1016 wrote to memory of 5344	1016	72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33.exe	91
PID 1016 wrote to memory of 5344	1016	72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33.exe	91
PID 4032 wrote to memory of 2484	4032	Unicorn-22436.exe	92
PID 4032 wrote to memory of 2484	4032	Unicorn-22436.exe	92
PID 4032 wrote to memory of 2484	4032	Unicorn-22436.exe	92
PID 4388 wrote to memory of 4888	4388	Unicorn-45404.exe	93
PID 4388 wrote to memory of 4888	4388	Unicorn-45404.exe	93
PID 4388 wrote to memory of 4888	4388	Unicorn-45404.exe	93
PID 2000 wrote to memory of 5624	2000	Unicorn-10738.exe	94
PID 2000 wrote to memory of 5624	2000	Unicorn-10738.exe	94
PID 2000 wrote to memory of 5624	2000	Unicorn-10738.exe	94
PID 4104 wrote to memory of 4356	4104	Unicorn-57246.exe	95
PID 4104 wrote to memory of 4356	4104	Unicorn-57246.exe	95
PID 4104 wrote to memory of 4356	4104	Unicorn-57246.exe	95
PID 5344 wrote to memory of 5620	5344	Unicorn-24473.exe	96
PID 5344 wrote to memory of 5620	5344	Unicorn-24473.exe	96
PID 5344 wrote to memory of 5620	5344	Unicorn-24473.exe	96
PID 4652 wrote to memory of 5360	4652	Unicorn-19556.exe	97
PID 4652 wrote to memory of 5360	4652	Unicorn-19556.exe	97
PID 4652 wrote to memory of 5360	4652	Unicorn-19556.exe	97
PID 1016 wrote to memory of 552	1016	72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33.exe	98
PID 1016 wrote to memory of 552	1016	72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33.exe	98
PID 1016 wrote to memory of 552	1016	72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33.exe	98
PID 3800 wrote to memory of 748	3800	Unicorn-29622.exe	99
PID 3800 wrote to memory of 748	3800	Unicorn-29622.exe	99
PID 3800 wrote to memory of 748	3800	Unicorn-29622.exe	99
PID 2484 wrote to memory of 452	2484	Unicorn-31564.exe	100
PID 2484 wrote to memory of 452	2484	Unicorn-31564.exe	100
PID 2484 wrote to memory of 452	2484	Unicorn-31564.exe	100
PID 4032 wrote to memory of 2176	4032	Unicorn-22436.exe	101
PID 4032 wrote to memory of 2176	4032	Unicorn-22436.exe	101
PID 4032 wrote to memory of 2176	4032	Unicorn-22436.exe	101
PID 4888 wrote to memory of 5700	4888	Unicorn-15782.exe	102
PID 4888 wrote to memory of 5700	4888	Unicorn-15782.exe	102
PID 4888 wrote to memory of 5700	4888	Unicorn-15782.exe	102
PID 4388 wrote to memory of 2092	4388	Unicorn-45404.exe	103
PID 4388 wrote to memory of 2092	4388	Unicorn-45404.exe	103
PID 4388 wrote to memory of 2092	4388	Unicorn-45404.exe	103
PID 4356 wrote to memory of 2508	4356	Unicorn-13089.exe	104
PID 4356 wrote to memory of 2508	4356	Unicorn-13089.exe	104
PID 4356 wrote to memory of 2508	4356	Unicorn-13089.exe	104
PID 748 wrote to memory of 2728	748	Unicorn-36394.exe	105
PID 748 wrote to memory of 2728	748	Unicorn-36394.exe	105
PID 748 wrote to memory of 2728	748	Unicorn-36394.exe	105
PID 552 wrote to memory of 244	552	Unicorn-51911.exe	106

C:\Users\Admin\AppData\Local\Temp\72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33.exe
"C:\Users\Admin\AppData\Local\Temp\72144cf736228d23b14ce3763d7a6473aeb734100a09e6a839504c9f6fe5fb33.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19556.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19556.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22436.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe
        9⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-355.exe
        10⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        10⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
        10⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
        10⤵
        
        PID:18204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12622.exe
        9⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
        9⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17028.exe
        9⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16897.exe
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43802.exe
        9⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exe
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        9⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2202.exe
        9⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40136.exe
        9⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
        9⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        9⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        8⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        8⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        7⤵
        Executes dropped EXE
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
        8⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
        9⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        9⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
        9⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62833.exe
        9⤵
        
        PID:17916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        9⤵
        
        PID:18320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14568.exe
        8⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        8⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe
        8⤵
        
        PID:17972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2699.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        8⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        9⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5525.exe
        9⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        9⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16426.exe
        8⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        8⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
        8⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
        7⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        7⤵
        
        PID:17616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
        7⤵
        Executes dropped EXE
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
        8⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41066.exe
        9⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19074.exe
        10⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6974.exe
        10⤵
        
        PID:16296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8919.exe
        10⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16426.exe
        9⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        9⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        9⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53892.exe
        9⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        9⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        8⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
        8⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
        8⤵
        
        PID:16308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        7⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        8⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        8⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        7⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
        7⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
        7⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8663.exe
        7⤵
        
        PID:17432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20158.exe
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44766.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
        9⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54631.exe
        9⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        9⤵
        
        PID:16032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
        8⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37535.exe
        8⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10099.exe
        7⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
        7⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21335.exe
        7⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29022.exe
        8⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        8⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1737.exe
        8⤵
        
        PID:17884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26540.exe
        7⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        7⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        7⤵
        
        PID:15876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
        6⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58504.exe
        6⤵
        
        PID:13816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        6⤵
        
        PID:16480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        7⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        9⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14838.exe
        9⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        9⤵
        
        PID:14384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1634.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
        9⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41750.exe
        8⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        8⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20570.exe
        8⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
        8⤵
        
        PID:18020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25923.exe
        8⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30188.exe
        7⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
        8⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        8⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        8⤵
        
        PID:15324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        8⤵
        
        PID:18040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        8⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe
        7⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        7⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        7⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6906.exe
        7⤵
        
        PID:17960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21122.exe
        6⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        8⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        8⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        8⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19074.exe
        8⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        8⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        8⤵
        
        PID:17708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18267.exe
        7⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1485.exe
        7⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        6⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
        8⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
        8⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        8⤵
        
        PID:18280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
        8⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59124.exe
        8⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        7⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        7⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        7⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43899.exe
        6⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48140.exe
        6⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        6⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38040.exe
        6⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40686.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe
        8⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41610.exe
        8⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        8⤵
        
        PID:16088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        8⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29803.exe
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29717.exe
        7⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe
        7⤵
        
        PID:14900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        7⤵
        
        PID:18236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
        6⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54662.exe
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        7⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55381.exe
        7⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe
        7⤵
        
        PID:17932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61792.exe
        7⤵
        
        PID:18320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        6⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
        6⤵
        
        PID:15716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32363.exe
        5⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8829.exe
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        7⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        7⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17508.exe
        7⤵
        
        PID:17996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41750.exe
        6⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        6⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        6⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        6⤵
        
        PID:18268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16235.exe
        5⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        6⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27090.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1433.exe
        6⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
        6⤵
        
        PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
        5⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe
        6⤵
        
        PID:14100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39838.exe
        6⤵
        
        PID:16672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        6⤵
        
        PID:17808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe
        5⤵
        
        PID:12208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50411.exe
        5⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        5⤵
        
        PID:18140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15782.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
        8⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        9⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
        9⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        9⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24375.exe
        9⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        9⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16068.exe
        8⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        8⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        8⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        8⤵
        
        PID:18216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13250.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
        8⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe
        8⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1353.exe
        8⤵
        
        PID:17664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61098.exe
        7⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31332.exe
        7⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32347.exe
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
        7⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13146.exe
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46162.exe
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        8⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14584.exe
        8⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19365.exe
        8⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26566.exe
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        7⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
        7⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41184.exe
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34704.exe
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15613.exe
        7⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64414.exe
        6⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49166.exe
        6⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1839.exe
        6⤵
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45845.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        6⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        7⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37278.exe
        8⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 640
        7⤵
        Program crash
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27448.exe
        6⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36780.exe
        7⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-176.exe
        7⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64151.exe
        7⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
        6⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42048.exe
        6⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
        6⤵
        
        PID:16372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
        5⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        6⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5373.exe
        7⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 696
        7⤵
        Program crash
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47371.exe
        6⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3756.exe
        6⤵
        
        PID:18032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47049.exe
        5⤵
        
        PID:6452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 628
        6⤵
        Program crash
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58114.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-432.exe
        5⤵
        
        PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
        5⤵
        
        PID:14620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61744.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-173.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        6⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        7⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        8⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 636
        8⤵
        Program crash
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 656
        7⤵
        Program crash
        
        PID:7872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 648
        6⤵
        Program crash
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        5⤵
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62498.exe
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        7⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        7⤵
        
        PID:17364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        6⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        6⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe
        6⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        6⤵
        
        PID:18204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41184.exe
        5⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        6⤵
        
        PID:13684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35754.exe
        6⤵
        
        PID:16640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16640 -s 444
        7⤵
        Program crash
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        5⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
        5⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34433.exe
        5⤵
        
        PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43079.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27688.exe
        6⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23490.exe
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
        7⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        7⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
        7⤵
        
        PID:18188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 660
        6⤵
        Program crash
        
        PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        5⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        5⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52083.exe
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        5⤵
        
        PID:15432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
      4⤵
      PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40132.exe
        5⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        6⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        6⤵
        
        PID:13972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56507.exe
        6⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
        6⤵
        
        PID:17632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        5⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        5⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43854.exe
        5⤵
        
        PID:17492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
      4⤵
      PID:6564
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 632
        5⤵
        Program crash
        
        PID:11612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
      4⤵
      PID:7932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
      4⤵
      PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
      4⤵
      PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
      4⤵
      PID:17708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
        8⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        8⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        8⤵
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        8⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41472.exe
        8⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        7⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        8⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5525.exe
        8⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
        8⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        7⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        7⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55121.exe
        7⤵
        
        PID:17632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53385.exe
        6⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        7⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
        8⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
        7⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
        7⤵
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        7⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19802.exe
        7⤵
        
        PID:17080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
        7⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
        6⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
        6⤵
        
        PID:14640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
        6⤵
        
        PID:17544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13748.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
        6⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43998.exe
        7⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34324.exe
        7⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        7⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        7⤵
        
        PID:16120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
        7⤵
        
        PID:17820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48340.exe
        6⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        6⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5875.exe
        6⤵
        
        PID:14964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        6⤵
        
        PID:18164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        6⤵
        
        PID:18008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54868.exe
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18838.exe
        7⤵
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
        6⤵
        
        PID:10284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45451.exe
        6⤵
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        6⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
        5⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        6⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35754.exe
        6⤵
        
        PID:16572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16572 -s 472
        7⤵
        Program crash
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
        5⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe
        5⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30692.exe
        5⤵
        
        PID:16532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26374.exe
        5⤵
        
        PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52088.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        6⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26676.exe
        7⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
        8⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3108.exe
        8⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        7⤵
        
        PID:12752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        7⤵
        
        PID:15108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        6⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37310.exe
        6⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe
        6⤵
        
        PID:18180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
        5⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
        6⤵
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3029.exe
        6⤵
        
        PID:15784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        6⤵
        
        PID:17676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29020.exe
        5⤵
        
        PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
        5⤵
        
        PID:15484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32328.exe
        5⤵
        
        PID:15856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27483.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44854.exe
        5⤵
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
        6⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16426.exe
        6⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        6⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37421.exe
        6⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16130.exe
        5⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        5⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
        5⤵
        
        PID:13848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        5⤵
        
        PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
      4⤵
      PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62664.exe
        5⤵
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        5⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        5⤵
        
        PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54886.exe
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        5⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        5⤵
        
        PID:16868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
      4⤵
      PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe
      4⤵
      PID:11844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
      4⤵
      PID:16788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11235.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4833.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52062.exe
        6⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
        7⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24834.exe
        8⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        8⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
        8⤵
        
        PID:16876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        7⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        7⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-726.exe
        7⤵
        
        PID:15584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        7⤵
        
        PID:18412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        6⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43976.exe
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        6⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        6⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        6⤵
        
        PID:17940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52617.exe
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
        6⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19436.exe
        7⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        7⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        7⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe
        6⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19087.exe
        6⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26852.exe
        6⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41184.exe
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48544.exe
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
        6⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        6⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
        6⤵
        
        PID:18300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        5⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        5⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50728.exe
        5⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50337.exe
        5⤵
        
        PID:8608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15305.exe
        5⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        6⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        7⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43923.exe
        7⤵
        
        PID:16608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13826.exe
        6⤵
        
        PID:10028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        6⤵
        
        PID:14680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52817.exe
        6⤵
        
        PID:17568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48340.exe
        5⤵
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7796.exe
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        5⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        5⤵
        
        PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
      4⤵
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
        6⤵
        
        PID:16496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        5⤵
        
        PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        5⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
        5⤵
        
        PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
      4⤵
      PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
        5⤵
        
        PID:13908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13908 -s 464
        6⤵
        Program crash
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        5⤵
        
        PID:16796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
      4⤵
      PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36906.exe
      4⤵
      PID:12544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
      4⤵
      PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
        6⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
        7⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-176.exe
        7⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60067.exe
        7⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        6⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        6⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
        5⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
        5⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe
        5⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
        5⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe
        5⤵
        
        PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45217.exe
      4⤵
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
        6⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60398.exe
        6⤵
        
        PID:15688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        6⤵
        
        PID:17672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
        6⤵
        
        PID:17868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
        5⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50713.exe
        5⤵
        
        PID:12976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
        5⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        5⤵
        
        PID:18060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
      4⤵
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        5⤵
        
        PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        5⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56507.exe
        5⤵
        
        PID:17096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
        5⤵
        
        PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe
      4⤵
      PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56822.exe
      4⤵
      PID:7412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
      4⤵
      PID:17048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26317.exe
      4⤵
      PID:7796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
      4⤵
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
        5⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        5⤵
        
        PID:11824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
        5⤵
        
        PID:15376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13957.exe
      4⤵
      PID:8220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
      4⤵
      PID:12688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41926.exe
      4⤵
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58047.exe
      4⤵
      PID:8036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58283.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58283.exe
    3⤵
    PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
      4⤵
      PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        5⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe
        5⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
        5⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        5⤵
        
        PID:16588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
      4⤵
      PID:10116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
      4⤵
      PID:11408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
      4⤵
      PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
      4⤵
      PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
      4⤵
      PID:3328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
    3⤵
    PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe
      4⤵
      PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40118.exe
      4⤵
      PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe
      4⤵
      PID:16688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41171.exe
    3⤵
    PID:9696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41176.exe
    3⤵
    PID:13564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
    3⤵
    PID:16768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29622.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29622.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57246.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13089.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
        8⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        9⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10116.exe
        9⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        9⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
        8⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50302.exe
        8⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
        8⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        8⤵
        
        PID:18396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        7⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24336.exe
        8⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        8⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        7⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
        7⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        7⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
        6⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63306.exe
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2929.exe
        8⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
        8⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        7⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60253.exe
        7⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34574.exe
        7⤵
        
        PID:17824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        6⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        7⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
        7⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        6⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe
        6⤵
        
        PID:12572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13626.exe
        6⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5580.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
        6⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
        7⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
        8⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
        8⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        8⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        8⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        7⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1950.exe
        7⤵
        
        PID:17064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        6⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19266.exe
        7⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
        7⤵
        
        PID:16464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        7⤵
        
        PID:18348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11303.exe
        6⤵
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe
        6⤵
        
        PID:12676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
        6⤵
        
        PID:16680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        6⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        5⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        6⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
        7⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
        7⤵
        
        PID:17976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        6⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        6⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        6⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23095.exe
        5⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        5⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
        5⤵
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        5⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        5⤵
        
        PID:18324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15336.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
        6⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32732.exe
        7⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        8⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
        8⤵
        
        PID:16456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        7⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
        7⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36348.exe
        7⤵
        
        PID:12424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
        7⤵
        
        PID:16956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
        7⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13249.exe
        6⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        6⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        5⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        6⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        7⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50337.exe
        7⤵
        
        PID:16184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
        7⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        6⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        6⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        5⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
        5⤵
        
        PID:11128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
        5⤵
        
        PID:15040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25726.exe
        5⤵
        
        PID:17760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15231.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31834.exe
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47506.exe
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19436.exe
        7⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28685.exe
        7⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
        7⤵
        
        PID:17836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
        6⤵
        
        PID:9576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38898.exe
        6⤵
        
        PID:17284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
        6⤵
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
        5⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        6⤵
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        6⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
        6⤵
        
        PID:17640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        5⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
        5⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        5⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
        5⤵
        
        PID:18028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
      4⤵
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        5⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26344.exe
        6⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4226.exe
        6⤵
        
        PID:13856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe
        6⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34324.exe
        5⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        5⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
        5⤵
        
        PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
      4⤵
      PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
      4⤵
      PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
      4⤵
      PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41825.exe
      4⤵
      PID:13904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
      4⤵
      PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe
      4⤵
      PID:3168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36394.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57760.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49950.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        6⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27688.exe
        7⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
        8⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe
        8⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
        8⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42911.exe
        8⤵
        
        PID:16760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61377.exe
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        7⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
        7⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
        7⤵
        
        PID:17996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
        7⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe
        6⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
        7⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
        7⤵
        
        PID:17776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55537.exe
        7⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42057.exe
        6⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53122.exe
        6⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17902.exe
        6⤵
        
        PID:16416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        6⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25974.exe
        5⤵
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
        6⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        7⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10754.exe
        7⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14321.exe
        7⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
        7⤵
        
        PID:17856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18537.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58925.exe
        7⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47781.exe
        6⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        7⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        7⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
        6⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe
        6⤵
        
        PID:17948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        6⤵
        
        PID:13636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        6⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24377.exe
        5⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
        5⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        5⤵
        
        PID:15700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
        5⤵
        
        PID:18208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24054.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        5⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10853.exe
        6⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        6⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        6⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        6⤵
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        5⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        5⤵
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17928.exe
        5⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7708.exe
        5⤵
        
        PID:18140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
        5⤵
        
        PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58952.exe
      4⤵
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38544.exe
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        6⤵
        
        PID:14180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9688.exe
        6⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        5⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        5⤵
        
        PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8512.exe
      4⤵
      PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34040.exe
        5⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58121.exe
        5⤵
        
        PID:16540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37859.exe
      4⤵
      PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6244.exe
      4⤵
      PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
      4⤵
      PID:17132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
      4⤵
      PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
      4⤵
      PID:7468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3005.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
      4⤵
      PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65404.exe
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
        6⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        6⤵
        
        PID:14016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56507.exe
        6⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe
        5⤵
        
        PID:9264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53043.exe
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59736.exe
        5⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
        5⤵
        
        PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-754.exe
      4⤵
      PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41176.exe
      4⤵
      PID:10032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
      4⤵
      PID:512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
      4⤵
      PID:16020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe
      4⤵
      PID:18060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
      4⤵
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        5⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        5⤵
        
        PID:15804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24263.exe
      4⤵
      PID:8800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51898.exe
      4⤵
      PID:12492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13437.exe
      4⤵
      PID:16336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
    3⤵
    PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33090.exe
      4⤵
      PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        5⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
        5⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
        5⤵
        
        PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
      4⤵
      PID:9996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
      4⤵
      PID:13348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
      4⤵
      PID:14340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
      4⤵
      PID:16032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63431.exe
    3⤵
    PID:8168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
    3⤵
    PID:11204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
    3⤵
    PID:14796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2368.exe
    3⤵
    PID:17652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13089.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13193.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15305.exe
        6⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        8⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe
        8⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
        8⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        8⤵
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34324.exe
        7⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        7⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
        7⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18371.exe
        7⤵
        
        PID:18040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
        6⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17796.exe
        6⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
        6⤵
        
        PID:17740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44397.exe
        6⤵
        
        PID:18204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
        5⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42052.exe
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
        7⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
        7⤵
        
        PID:16620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20126.exe
        6⤵
        
        PID:10200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        6⤵
        
        PID:12704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        6⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        5⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
        5⤵
        
        PID:9676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13016.exe
        5⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37978.exe
        5⤵
        
        PID:17684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9467.exe
        5⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7241.exe
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
        7⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
        7⤵
        
        PID:17984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        6⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        6⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        6⤵
        
        PID:16128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65434.exe
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6810.exe
        5⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
        6⤵
        
        PID:13976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
        6⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36375.exe
        5⤵
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
        5⤵
        
        PID:16616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25871.exe
        5⤵
        
        PID:7356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16165.exe
      4⤵
      PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
        6⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        6⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47868.exe
        5⤵
        
        PID:15412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
      4⤵
      PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        5⤵
        
        PID:12664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        5⤵
        
        PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
      4⤵
      PID:10068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
      4⤵
      PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
      4⤵
      PID:2844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17278.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        5⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        6⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        7⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7550.exe
        7⤵
        
        PID:17056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        7⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        6⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
        6⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48635.exe
        6⤵
        
        PID:18124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31777.exe
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
        5⤵
        
        PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe
        5⤵
        
        PID:14716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40500.exe
        5⤵
        
        PID:18224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        5⤵
        
        PID:8040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18766.exe
      4⤵
      PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
        5⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        6⤵
        
        PID:10168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
        6⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
        6⤵
        
        PID:17788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        5⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        5⤵
        
        PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21993.exe
        5⤵
        
        PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
      4⤵
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        5⤵
        
        PID:14280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
        5⤵
        
        PID:16436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        5⤵
        
        PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
      4⤵
      PID:8856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29.exe
      4⤵
      PID:12308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42022.exe
      4⤵
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
      4⤵
      PID:17580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31567.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
      4⤵
      PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52117.exe
        6⤵
        
        PID:14804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        5⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        5⤵
        
        PID:16176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
      4⤵
      PID:7860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
      4⤵
      PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
      4⤵
      PID:15308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
      4⤵
      PID:18112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17946.exe
    3⤵
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
      4⤵
      PID:7060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
      4⤵
      PID:9356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
      4⤵
      PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
      4⤵
      PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
      4⤵
      PID:18124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
    3⤵
    PID:8068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35688.exe
    3⤵
    PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
    3⤵
    PID:12056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16317.exe
    3⤵
    PID:1728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51911.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51911.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        5⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        6⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        7⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 616
        7⤵
        Program crash
        
        PID:11212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 620
        6⤵
        Program crash
        
        PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
        5⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe
        6⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14838.exe
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54526.exe
        6⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10150.exe
        6⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        5⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        5⤵
        
        PID:15332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        5⤵
        
        PID:18008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
      4⤵
      PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
        5⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
        6⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        6⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        6⤵
        
        PID:15296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23939.exe
        6⤵
        
        PID:17904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        5⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
        5⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
        5⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
        5⤵
        
        PID:8276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53436.exe
      4⤵
      PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58715.exe
        5⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        5⤵
        
        PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
      4⤵
      PID:7340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
      4⤵
      PID:220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2168.exe
      4⤵
      PID:15392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
      4⤵
      PID:7216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7526.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52446.exe
      4⤵
      PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
        5⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19074.exe
        6⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
        6⤵
        
        PID:15916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        5⤵
        
        PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2646.exe
        5⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60172.exe
        5⤵
        
        PID:17972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40936.exe
        5⤵
        
        PID:18156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54449.exe
      4⤵
      PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        5⤵
        
        PID:14296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13772.exe
        5⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28161.exe
        5⤵
        
        PID:17872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
      4⤵
      PID:10432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31445.exe
      4⤵
      PID:14044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
      4⤵
      PID:15880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
    3⤵
    PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
      4⤵
      PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
      4⤵
      PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56498.exe
      4⤵
      PID:13608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2254.exe
      4⤵
      PID:14088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19829.exe
      4⤵
      PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
      4⤵
      PID:8268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23095.exe
    3⤵
    PID:8148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
    3⤵
    PID:468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
    3⤵
    PID:11160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
    3⤵
    PID:3160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
    3⤵
    PID:17808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
    3⤵
    PID:6964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29290.exe
    3⤵
    PID:1364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
      4⤵
      PID:516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        5⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14584.exe
        5⤵
        
        PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19365.exe
        5⤵
        
        PID:15212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60887.exe
        5⤵
        
        PID:18248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        5⤵
        
        PID:7844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6940.exe
      4⤵
      PID:7976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
      4⤵
      PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
      4⤵
      PID:15272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
      4⤵
      PID:17940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55792.exe
    3⤵
    PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
      4⤵
      PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
        5⤵
        
        PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18922.exe
      4⤵
      PID:10864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32159.exe
      4⤵
      PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65033.exe
      4⤵
      PID:668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61351.exe
    3⤵
    PID:7992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43034.exe
    3⤵
    PID:12096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
    3⤵
    PID:15344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40500.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40500.exe
    3⤵
    PID:18100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12232.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12232.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
    3⤵
    PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe
      4⤵
      PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
      4⤵
      PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
      4⤵
      PID:12832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
      4⤵
      PID:16148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
      4⤵
      PID:17824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
    3⤵
    PID:7436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
    3⤵
    PID:10424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38322.exe
    3⤵
    PID:5628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
    3⤵
    PID:17224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
  2⤵
  PID:2868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38544.exe
    3⤵
    PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
      4⤵
      PID:9420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
      4⤵
      PID:14352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe
      4⤵
      PID:17356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20126.exe
    3⤵
    PID:10192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
    3⤵
    PID:14304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe
    3⤵
    PID:1608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47402.exe
    3⤵
    PID:6668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44383.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44383.exe
  2⤵
  PID:7540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
    3⤵
    PID:4924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
    3⤵
    PID:16408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
  2⤵
  PID:10408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
  2⤵
  PID:14028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31629.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31629.exe
  2⤵
  PID:16548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1456 -ip 1456
1⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2860 -ip 2860
1⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2732 -ip 2732
1⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2872 -ip 2872
1⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5992 -ip 5992
1⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 932 -ip 932
1⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4156 -ip 4156
1⤵
PID:1448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 6452 -ip 6452
1⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6564 -ip 6564
1⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1888 -ip 1888
1⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3996 -ip 3996
1⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 13908 -ip 13908
1⤵
PID:15228

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:8016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe

Filesize
184KB

MD5
c5e5ec26db86bd3402bd0066c0d54e27

SHA1
09ca7fd2e44e438a9960f2f9dd3b4ba5de1ab236

SHA256
980df8eb2180bb668fe96e288c5dab8586236facbc1f6e79501858a61ef0c41c

SHA512
7910dde3a2b0c00f50820e64111bea07b091f2b0aa55d11d0ed1a5d4c519ac4c315b1343b47d7075e63dae49f95f72087b56f4c347943839156299403fd96061

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11235.exe

Filesize
184KB

MD5
3619e35984919900fb4570116234836c

SHA1
0a77e4b13b16dbd0ba1464e6d40a92f56670daf5

SHA256
7d840619d8c9e36924727ba7b9368735d7dee3cb97e8d9784c58cd4790a9c179

SHA512
60f571d87c600e27d13d8998d0dc550857789af8a42594cfea6296fbe19adce55660b3e17e341a34a31214b67e7379031382f5ced1fdfa0396731a6ff43c8378

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13089.exe

Filesize
184KB

MD5
6aa541412e9af08b692457accc4102bb

SHA1
716270dace89c524b437675e093006c284ccd2a8

SHA256
46905c6103c9f3d2575fe9ae01a89b30ca5a95770735e788ec5f0c408e0ea178

SHA512
eddb6fdea2325b280360343e35d3db9025197ee6acc0d2af88d9cf886ec95355fb233e287002b97e95b356e2f020c260ebb12b62c0e0ec014d15d1037bc7f51d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15336.exe

Filesize
184KB

MD5
dc1a0853676765e03ef84b523cdacab3

SHA1
d7d6647e670211b5ec50e313094da8073b5e4441

SHA256
3d87fa95d3024d6e75b2d15dbea459f5d6c5d02634a3f60d32fd4819614086b5

SHA512
82318c6abb719134cbe5f9fc5808d6baeef7cb9c12b484435488079c7ee355eadf53135594d73d82816a6d0c634c8eadfe88eb159c20d78de3bd809e2447d291

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15782.exe

Filesize
184KB

MD5
8b4e11102e915cd86c497a35ccf7a7ff

SHA1
1c7af6db56ce96740b5fc9376546239fe66478bc

SHA256
2be3f967f9768905ad4623ff788333910a35113f265c09971e3ec5f690986aed

SHA512
7b06b054fd1ae4a151f7cb97144aa32ab51af3c82649034739ff03dd5ad695a0bfc5b33c60323b1565348ddba0828c8fa6cfa5a985480012032a0b2d8e239d0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe

Filesize
184KB

MD5
7eb69d4fdeaca50abe45b6c3c8f6996e

SHA1
2b282037f3a3c40e9bfc91536997343b5a7477cd

SHA256
0008325d46db30088c0bede173d2318d9617a7b52f2df66ed285f24e5631597b

SHA512
02a77b309858d50c6fb80109e71da14fc87024b3593ed465e4bea54e3bf1526d379b660a1d57084b959f20e71e697b93acf57774f03d2a9966b8b277d0364208

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19556.exe

Filesize
184KB

MD5
7aab91cd731a935017c217be9b8a228a

SHA1
6491e34fd1779b5b394adf1482de5bb4f76bbd3d

SHA256
414196fea6186985a1fc9ae3a3473632776f7104e163a1ecf80a5fa4c170f4f8

SHA512
e385ddd5077ae010358ef72e64c4aea34936293ca048f2a294818fc6f7d2acfc7fe7e970b339541130ba671aed171e6c9c273008fce881fd0ec520cc4e1ace60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe

Filesize
184KB

MD5
6470c845e75484416020b5302912958c

SHA1
16e23c6fad4542ef68e7e5e118a60540f8e616b0

SHA256
71fc7aa971ddae3e507fbf2a491c2cff210be38b9c991eca6aeada6b0f00e7a6

SHA512
24f189ec28b637c80defa59bd1eb2684c52b4168fa03e7197cb69d220c8647a52b6bf338aca2dae8dd7444614c40811eafbd172712784eb0e394551a0ab8f366

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22436.exe

Filesize
184KB

MD5
d3369a0361c3be23c7f83ec4ecbe22f7

SHA1
15c662d9a9b000121bdbf7df2783b3464c31009e

SHA256
01d5409a7baa950efaff235c89a11992c9e96e188c9104d6af034366a52bfd39

SHA512
156de1019077fead13c2aee6b8122995affe50d6d2c12ba24e39ad927b4ca60df42d0a5f54334d996bccfb289d38a786b93823b16eef66e80c64ded12d149b3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe

Filesize
184KB

MD5
088b6639258c30324cacc26591e30f16

SHA1
59e60e8d7ae45fdf83cbfd1b04567d69f9c32477

SHA256
1bb7a4a3ceda93d0aecfad7a135afad41b899ca413a14e805364f0b1b931fcec

SHA512
11de3daf936fdedb5c06b8c492e0b1a1d53797b8c04de7c1120693053403734ba7611faace4d348137753fc78729737901521e40fef1e36fdb3419438e5a68b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe

Filesize
184KB

MD5
7897d78496a2041ae98705e341b33d48

SHA1
936ccdba599128b85485b48281ab9f53303ab180

SHA256
dd7e3a5d3e4bded5ebd34c9364227facd8b9156186d02f8e52b69210494aba0f

SHA512
5df7b18e4ee79a4310f45b144dd813e23dd38d540135ca3e950a388a50a5d774c3b7dcc1e3394a2c29b65e7751058c79a93ac4808d1c6b36fe23236baf4faee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe

Filesize
184KB

MD5
f3efb7822272325e9513f10d1b2409e6

SHA1
92d226fd90f673a2527ca7cc6ebd2d284f7b2828

SHA256
dd6daed2145a0d749c1927f7a18a0c58d78ae758010e2bb65fc650e6507a3955

SHA512
73af18e0f79641e616c09324da25132f3c2dba2d0c04666dc8e103749704bfbd56d0c85155143870f2236ebcfba9232a7c413f2b15f58db54c1fed01a71d2994

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe

Filesize
184KB

MD5
b9f679d56883339d8aa1151b4acdb2e4

SHA1
d7d83652c10e9593bb97aa045c5f04f746536827

SHA256
fc30a673023512093e6d1e6366837ea99d85464e11fef7158937fdfbe0e43c1b

SHA512
c660c9eadb3e90d8a7677ba319fb675e793c726b0a6919a49ebc1d8aa3ce8a104395955b2076e922ad82263fb1b7e611b2bffff74258b11beba8bdb1360c0091

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29622.exe

Filesize
184KB

MD5
853072938636ae577925374e80bcbd0b

SHA1
e4e7729fd977946c1f4f53a2793a53cc932624a2

SHA256
12d76064e5c213e1afe717068a6a3b5d0d4e71c50d23d2c8ac9cb4ee796d5d96

SHA512
31f2c9f7f3ca4b697be35637ae8fdcb8ca26712f5038800f57996deee1fa1ae7445e1553d3e19404e64c40a835bf203639debb6cd38f8de4972aa9e1eecf044b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe

Filesize
184KB

MD5
afd96025b6376014d0dca075d1768ad2

SHA1
91d68f8797982dd90bb4d2fd299a76c9301932ca

SHA256
fb96c93aaafb68ac8e2138f7cc2d68981a437c3433a23596e5d6fedc88215a36

SHA512
761a0f1548b3f465f2f192fef95802d6e15f274c1cdd9e30479f5b2b0b43fcbbc716732776c099eb7c79623afef134f57abfcc09d481ed5b03defcf0618f73d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3005.exe

Filesize
184KB

MD5
df85b6400646801419766b1a81fcac57

SHA1
406dc85f0bdd166faaa108fc1dd96b1ee7da6044

SHA256
d5a74378800fe4dea7130d1449ef7f6bf7ceaeb7d015648ca634405ce98a5e58

SHA512
c8039e910c6be47796ddd70c3fe64139c9f42c49680340cf3fb1cd89ae6d84bd6f06a8c690c32ce3b1196ca11398deda9f44cda79af0bf920951a18792d67ce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe

Filesize
184KB

MD5
0aa263c961fa8b8107734d1c9f1f714e

SHA1
6a5784d65539ddb1c3e6a0c39b1cee62376ed275

SHA256
be543f1d1a7418c45fa43c8361b18d17d1095780423fa857710cdc2c2452cf17

SHA512
dab42c778cc0a40b8ce11441b74ffd84375b02eeadd86eb2da88a10032eddab42b31c1721dcd5a594bff845fdf3983baff7e7e430db20b0a56104ea3abbbef31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe

Filesize
184KB

MD5
fa0d4f7e2d9124aa9ae8bc15a88ffc44

SHA1
2a64c938f77988b7ca0a2456ac7999300872a836

SHA256
7cb7059d7c313cf70de880cc0a5790cea0ead2ed0fa5f4da0fc19d34d3abe29d

SHA512
a5af39028954b85c9a04b82bcc3f890700f42386f25139fe73303ac7a1e3a81738441485d7122891f1018f30458115b1ad7a4c1ff319f1fbc772b2fe9844a100

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe

Filesize
184KB

MD5
d9fb19d513b4be75886fd3e8f61df479

SHA1
b6daf575927a1cad76e5d056e122d4126b80f57f

SHA256
822bbf81dc082830630454e6aeb8e0ac27b6c3cb88a13f534158760a1bbb80c0

SHA512
ce5a2c2c6bbfc16971427c4447bb8b3338691f43056cce6c89a49b352a8784b6db1e190e7f8d64aea12196e1da72220f563bcd43b878b34fd6873654204a04bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36394.exe

Filesize
184KB

MD5
b4eee8dfb530cfdedc7a433f19030290

SHA1
4b62f6d24d5c53d01c6869abed30da3bdfa3f5eb

SHA256
3ae55952e990f4ba0f8972c46d3bfd8956a101f4361e2db46cf1b12446186c5b

SHA512
7bf3b139ab96c92c3ac1b19d4ad7393513e889edf2b8e33e69a6801b40534d6d57a2923c8a5c8c3d1f4f88c2561146ac81d47981d1832c58a5b2d90fd3ab6d2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41610.exe

Filesize
184KB

MD5
e7ab080827ad030600dd0c9aac7dfcd9

SHA1
36a00fbcc8454f71372511faa6fc80901ba8ab29

SHA256
d7ccccba8d246a59a70bd2bcd4ae51926349f21156227247d841db6dad9dfd9e

SHA512
e79ce980293ef419283421a8c6a4433d2a0861def387bfeb374f1aa84979e5cb118c302d5de6e752218f6244377f51c141e9c84796b858cbebeef54326b38cff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe

Filesize
184KB

MD5
85df5255f5bf26f6d7fdd5f139134ebb

SHA1
83ada970fc16d313060dd2784067a2851d75b840

SHA256
1f677aafe706a5f5784f9a25a90df683438e9f0c0e6feb16fe5bc66f9f96ce82

SHA512
ebc9b18d30e8ae00b24a4b7dade9152c807cd803b2b6546da9a2e23be1ace862a436b3e8cfedd84fcacaadb2c4370c170bd290aede5941dd4160bec61fa1f828

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51911.exe

Filesize
184KB

MD5
10f3a6f1dd8d4275e4b41b3491cf8198

SHA1
d59c9a50fa6da72505b42cdecb5d8a34f2da1472

SHA256
fc933c8da1d91ec00d2c9e5a6d953ad92d92c3cd2aa47b34164882103d7b11ee

SHA512
e8f795653207deba0110327ad0f06614c4f2b3f3dd0f603c05897410ad9366717bb201eb96260189ffc987bfb2aad4b93cbe2f027944f0bd7613b34e73b6a4da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe

Filesize
184KB

MD5
00474b01f92e4ba656bf8f72782e953a

SHA1
9db423b2c34ab7b756b1f7ddb5e1873c20e1d894

SHA256
75eeb4aead282cf7362c2b807a2a3370b390413f7e1cd9ee89bb9b72c739119b

SHA512
a165d2d0662302a8f1333fbb20a8171984cac62396b86daba38cbee881e2c54adbc45678a7684e613ad9c0e58c92bdf72f73ea5d0dbff9efac5ab611d3f89a67

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57246.exe

Filesize
184KB

MD5
11b34dc0add21dd6b953056021956bc1

SHA1
33e7a38bdea52a69ed97957ec997448a8ff3fb49

SHA256
cb12728070a0fbb336d73f9633666a3614d275f947f3035e4ac3a7c89a42c9b2

SHA512
ce097a7b2558d374d2d8790a845ea85aaf3a93a1da5a17411e31dca0f8f3ebe65a6d76f14a127a99347effa3d30aadfb2aefe70efca34c98b17415b9c96b5ef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57760.exe

Filesize
184KB

MD5
2bfa35cf402661150088764f1800027b

SHA1
ddd6df3d3dcf7829415b2b2752a5c78c9b208271

SHA256
a7633cbf28b01c420a732bf16f02cab3bc9d2530eab51dfea1220907722cefdf

SHA512
b1e16fa8fd66d6773a37dda2f4014cce047b255130f64ae729c40833c54f9b52851648708bfb23f276497aff005aad418a3b8da4eb98f1548b34f4ea89f27769

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe

Filesize
184KB

MD5
31f37e8743e64708ecdfe34e1cfdbf5c

SHA1
64a07590647993418c730e8a51afb2ab53868631

SHA256
17d56d1ee03ab6e686a2bf7381fda954dcc2403f841c1d6edc0189d033a50287

SHA512
92a351c491b52e72ac259484f379437b41b0bb0831017b2d99a4694906d96419ef0162355e71cdaf68fda4e5d54347d5a7c533be4926524908c5547cd905f965

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61744.exe

Filesize
184KB

MD5
29301a3782121eff92df6315170e9f19

SHA1
246e106036cdf0493f4cb7506a85583f9de1c4a0

SHA256
edf45c958dad7ee27c2af6cc5b77e42d0e50ae0ad6a558d15ce702cb5ecdcae2

SHA512
037bdcd076494df58a4fdeb89f61db337e5338b1d11b123ada5d80336a92fdf449685350f2285754bf528c5b54aa65759c8a927805d430d72f5b041c3e6093bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe

Filesize
184KB

MD5
6a08d3247170e88aec22799436e149f7

SHA1
523475dfd187fbcff061e1ce9991a306f1c76d26

SHA256
26f8f9886370ad46c7c7680dacea7bbb9052b2cb8fd6cab5277ec5392e704346

SHA512
7d9a2484b412eec58b529f4c72e8d19ae3b26a108d47a3acd47751b19a92387450a3166ab56f9dc7d8aaffbecde7463d2541bea83be70c726fd913b980b3025d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe

Filesize
184KB

MD5
c042ab2c0228e9fe8e11516da1db696f

SHA1
900c0d895659ac4ba5aebcdeadb0e888d87d27ed

SHA256
c0fdbac2acd4873b83083f3de6e791a38a44a76fa4acfdce6f8c48721aa789c9

SHA512
ac955e323d1a76059c60502a12c516423b3a4de35acc88ff89c1978a4308c1894e9479b82a1edc931ff887c8c6f54a1e754413a7052122f4679cabed46c4544f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe

Filesize
184KB

MD5
563189e838e8878c13405257e6c10fd1

SHA1
6b497ad663f2e1a631f33a0f697e0850c0cd6862

SHA256
53e038fca6838fa207dcf3f99a8c333dae2f462c8efad8aab26681cc93eba353

SHA512
791271bf41938a4c428c2f515a490641f57a305b7f42b36a19ab6f82415218197867d5f93e964b25c9bb4befc56fcd73e5bf2fa759717171eed2e806d0cd7d0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe

Filesize
184KB

MD5
6f1027831fb9cccccaacd5172962c3b6

SHA1
5956b56a32b425d2005bf6143e403b05fcfc77be

SHA256
3f06b0d3d65da48b79dbed22a9395f5063303ebe6d29d5216d7a6f03be70a6cb

SHA512
54de8876d1625f2c14ef825a98f146328a619dc4d0eae3cba7ccfed8cf0c265b477d546fbd04bacf87bbb9bf077ecffda23756b0eaaa57bb9741c8da34fc8fb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe

Filesize
184KB

MD5
fcb7bff775ef002c6e77d9e19f761c85

SHA1
24181de9ec1b7838415ac21c1be64d728cc50558

SHA256
62e815f0c18c6fb0d70fe4098d3675f4cfb6ebb843ee5c7fc192d1d5f5b54b81

SHA512
a9448f980e3c53f68442ae785abd01e417b5af749b0756f9246b50dbac9e57052dee3453615a5371b8f488d26594b8255d2b5c1c5a6c897de4d9567e8d2beba8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads