a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe
Size

468KB
MD5

32c98e0520ad8902c874cace9efe5b0c
SHA1

2777167f3944db078a00f6cdd318da341ff03c78
SHA256

a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281
SHA512

c638bd1acfdd9ea74367ae21b0b556eaf4392e8f2206d0a4b895258426ceb9a34615bfdd9b49469ed39dec431b76c6e25912edbb2106c543deaec7a84feb49d5
SSDEEP

3072:WqoSo7L+jY8U2bY1Pz5jofiHX8jW+pYkmHevVWjHeXLwdpbYmlq:Wq9oi1U2yP1jofSut2HebMpbY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
964	Unicorn-30447.exe
436	Unicorn-18460.exe
3720	Unicorn-47411.exe
4644	Unicorn-4251.exe
1988	Unicorn-20396.exe
5096	Unicorn-33010.exe
2192	Unicorn-46746.exe
5116	Unicorn-57596.exe
3464	Unicorn-33868.exe
1536	Unicorn-4482.exe
1632	Unicorn-24348.exe
2884	Unicorn-8011.exe
2840	Unicorn-40227.exe
3624	Unicorn-40492.exe
540	Unicorn-7170.exe
3812	Unicorn-43196.exe
312	Unicorn-23138.exe
1056	Unicorn-15214.exe
3848	Unicorn-14830.exe
1836	Unicorn-44659.exe
2024	Unicorn-55594.exe
4876	Unicorn-5074.exe
4920	Unicorn-5339.exe
2296	Unicorn-5339.exe
1720	Unicorn-50072.exe
1964	Unicorn-28674.exe
2476	Unicorn-50819.exe
4948	Unicorn-5339.exe
376	Unicorn-47834.exe
5088	Unicorn-5339.exe
4416	Unicorn-9179.exe
2264	Unicorn-8987.exe
2536	Unicorn-53590.exe
4668	Unicorn-2665.exe
3140	Unicorn-61482.exe
2900	Unicorn-34172.exe
3764	Unicorn-34172.exe
1300	Unicorn-63123.exe
4836	Unicorn-65090.exe
1864	Unicorn-28028.exe
1564	Unicorn-60508.exe
2604	Unicorn-45635.exe
4488	Unicorn-45900.exe
3420	Unicorn-39770.exe
1636	Unicorn-45516.exe
3932	Unicorn-27170.exe
4632	Unicorn-3243.exe
4020	Unicorn-3243.exe
1164	Unicorn-50799.exe
2568	Unicorn-33922.exe
3392	Unicorn-53404.exe
3804	Unicorn-11417.exe
3852	Unicorn-20348.exe
4452	Unicorn-55708.exe
932	Unicorn-22460.exe
4740	Unicorn-55132.exe
4624	Unicorn-54940.exe
676	Unicorn-18354.exe
2992	Unicorn-54556.exe
3408	Unicorn-34690.exe
2200	Unicorn-4898.exe
3892	Unicorn-20658.exe
4300	Unicorn-55791.exe
1096	Unicorn-56403.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
9604	5492	WerFault.exe	195
9592	6220	WerFault.exe	241
15696	12592	WerFault.exe	611

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	12932	dwm.exe
Token: SeChangeNotifyPrivilege	12932	dwm.exe
Token: 33	12932	dwm.exe
Token: SeIncBasePriorityPrivilege	12932	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4556	a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe
964	Unicorn-30447.exe
436	Unicorn-18460.exe
3720	Unicorn-47411.exe
4644	Unicorn-4251.exe
1988	Unicorn-20396.exe
5096	Unicorn-33010.exe
2192	Unicorn-46746.exe
5116	Unicorn-57596.exe
3464	Unicorn-33868.exe
2884	Unicorn-8011.exe
2840	Unicorn-40227.exe
540	Unicorn-7170.exe
1536	Unicorn-4482.exe
1632	Unicorn-24348.exe
3624	Unicorn-40492.exe
3812	Unicorn-43196.exe
312	Unicorn-23138.exe
1056	Unicorn-15214.exe
3848	Unicorn-14830.exe
376	Unicorn-47834.exe
1836	Unicorn-44659.exe
1720	Unicorn-50072.exe
1964	Unicorn-28674.exe
5088	Unicorn-5339.exe
4920	Unicorn-5339.exe
4876	Unicorn-5074.exe
4948	Unicorn-5339.exe
2476	Unicorn-50819.exe
2024	Unicorn-55594.exe
2296	Unicorn-5339.exe
4416	Unicorn-9179.exe
4668	Unicorn-2665.exe
2536	Unicorn-53590.exe
2264	Unicorn-8987.exe
3140	Unicorn-61482.exe
3764	Unicorn-34172.exe
2900	Unicorn-34172.exe
1300	Unicorn-63123.exe
4836	Unicorn-65090.exe
1864	Unicorn-28028.exe
1564	Unicorn-60508.exe
4488	Unicorn-45900.exe
2604	Unicorn-45635.exe
1636	Unicorn-45516.exe
3932	Unicorn-27170.exe
3420	Unicorn-39770.exe
4632	Unicorn-3243.exe
1164	Unicorn-50799.exe
4020	Unicorn-3243.exe
3804	Unicorn-11417.exe
2568	Unicorn-33922.exe
3392	Unicorn-53404.exe
3852	Unicorn-20348.exe
932	Unicorn-22460.exe
4452	Unicorn-55708.exe
4624	Unicorn-54940.exe
4740	Unicorn-55132.exe
4520	Unicorn-52755.exe
4484	Unicorn-953.exe
2040	Unicorn-953.exe
2992	Unicorn-54556.exe
4300	Unicorn-55791.exe
3892	Unicorn-20658.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 964	4556	a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe	85
PID 4556 wrote to memory of 964	4556	a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe	85
PID 4556 wrote to memory of 964	4556	a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe	85
PID 964 wrote to memory of 436	964	Unicorn-30447.exe	86
PID 964 wrote to memory of 436	964	Unicorn-30447.exe	86
PID 964 wrote to memory of 436	964	Unicorn-30447.exe	86
PID 4556 wrote to memory of 3720	4556	a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe	87
PID 4556 wrote to memory of 3720	4556	a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe	87
PID 4556 wrote to memory of 3720	4556	a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe	87
PID 436 wrote to memory of 4644	436	Unicorn-18460.exe	88
PID 436 wrote to memory of 4644	436	Unicorn-18460.exe	88
PID 436 wrote to memory of 4644	436	Unicorn-18460.exe	88
PID 3720 wrote to memory of 1988	3720	Unicorn-47411.exe	89
PID 3720 wrote to memory of 1988	3720	Unicorn-47411.exe	89
PID 3720 wrote to memory of 1988	3720	Unicorn-47411.exe	89
PID 4556 wrote to memory of 2192	4556	a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe	90
PID 4556 wrote to memory of 2192	4556	a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe	90
PID 4556 wrote to memory of 2192	4556	a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe	90
PID 964 wrote to memory of 5096	964	Unicorn-30447.exe	91
PID 964 wrote to memory of 5096	964	Unicorn-30447.exe	91
PID 964 wrote to memory of 5096	964	Unicorn-30447.exe	91
PID 5096 wrote to memory of 5116	5096	Unicorn-33010.exe	92
PID 5096 wrote to memory of 5116	5096	Unicorn-33010.exe	92
PID 5096 wrote to memory of 5116	5096	Unicorn-33010.exe	92
PID 964 wrote to memory of 3464	964	Unicorn-30447.exe	93
PID 964 wrote to memory of 3464	964	Unicorn-30447.exe	93
PID 964 wrote to memory of 3464	964	Unicorn-30447.exe	93
PID 436 wrote to memory of 1536	436	Unicorn-18460.exe	94
PID 436 wrote to memory of 1536	436	Unicorn-18460.exe	94
PID 436 wrote to memory of 1536	436	Unicorn-18460.exe	94
PID 2192 wrote to memory of 1632	2192	Unicorn-46746.exe	95
PID 2192 wrote to memory of 1632	2192	Unicorn-46746.exe	95
PID 2192 wrote to memory of 1632	2192	Unicorn-46746.exe	95
PID 4644 wrote to memory of 2884	4644	Unicorn-4251.exe	96
PID 4644 wrote to memory of 2884	4644	Unicorn-4251.exe	96
PID 4644 wrote to memory of 2884	4644	Unicorn-4251.exe	96
PID 4556 wrote to memory of 2840	4556	a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe	97
PID 1988 wrote to memory of 3624	1988	Unicorn-20396.exe	98
PID 4556 wrote to memory of 2840	4556	a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe	97
PID 4556 wrote to memory of 2840	4556	a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe	97
PID 1988 wrote to memory of 3624	1988	Unicorn-20396.exe	98
PID 1988 wrote to memory of 3624	1988	Unicorn-20396.exe	98
PID 3720 wrote to memory of 540	3720	Unicorn-47411.exe	99
PID 3720 wrote to memory of 540	3720	Unicorn-47411.exe	99
PID 3720 wrote to memory of 540	3720	Unicorn-47411.exe	99
PID 5116 wrote to memory of 3812	5116	Unicorn-57596.exe	100
PID 5116 wrote to memory of 3812	5116	Unicorn-57596.exe	100
PID 5116 wrote to memory of 3812	5116	Unicorn-57596.exe	100
PID 5096 wrote to memory of 312	5096	Unicorn-33010.exe	101
PID 5096 wrote to memory of 312	5096	Unicorn-33010.exe	101
PID 5096 wrote to memory of 312	5096	Unicorn-33010.exe	101
PID 2840 wrote to memory of 1056	2840	Unicorn-40227.exe	102
PID 2840 wrote to memory of 1056	2840	Unicorn-40227.exe	102
PID 2840 wrote to memory of 1056	2840	Unicorn-40227.exe	102
PID 1632 wrote to memory of 3848	1632	Unicorn-24348.exe	103
PID 1632 wrote to memory of 3848	1632	Unicorn-24348.exe	103
PID 1632 wrote to memory of 3848	1632	Unicorn-24348.exe	103
PID 2192 wrote to memory of 1836	2192	Unicorn-46746.exe	104
PID 2192 wrote to memory of 1836	2192	Unicorn-46746.exe	104
PID 2192 wrote to memory of 1836	2192	Unicorn-46746.exe	104
PID 4556 wrote to memory of 2024	4556	a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe	105
PID 4556 wrote to memory of 2024	4556	a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe	105
PID 4556 wrote to memory of 2024	4556	a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe	105
PID 964 wrote to memory of 4876	964	Unicorn-30447.exe	106

C:\Users\Admin\AppData\Local\Temp\a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe
"C:\Users\Admin\AppData\Local\Temp\a3cac07db932f0536c4ba8311e5f5d3fe6fc32de2709e984bfc2856e76161281.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30447.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30447.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18460.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18460.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4251.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20348.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56063.exe
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
        10⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49274.exe
        10⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        9⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43524.exe
        9⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        8⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39503.exe
        9⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
        9⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        9⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25660.exe
        8⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53958.exe
        8⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        8⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12229.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        8⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        9⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        8⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        8⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34748.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        7⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        7⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        7⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
        8⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        8⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51387.exe
        8⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7531.exe
        7⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60317.exe
        8⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
        7⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
        7⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
        6⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        7⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        7⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57526.exe
        6⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
        6⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59635.exe
        6⤵
        
        PID:11580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
        6⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59884.exe
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        8⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        8⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
        8⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        8⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32165.exe
        7⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe
        7⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32646.exe
        7⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62502.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38703.exe
        7⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36770.exe
        7⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        7⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45037.exe
        6⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34981.exe
        6⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32783.exe
        6⤵
        
        PID:14564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
        7⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        7⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe
        7⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1033.exe
        7⤵
        
        PID:11156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
        6⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4780.exe
        7⤵
        
        PID:12148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25660.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
        6⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14366.exe
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
        6⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
        5⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47055.exe
        5⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26587.exe
        5⤵
        
        PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4482.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53404.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18156.exe
        7⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6379.exe
        8⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        9⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3919.exe
        9⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        8⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        8⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        7⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38527.exe
        8⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65437.exe
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
        7⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        7⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        7⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        7⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
        7⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36285.exe
        6⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32735.exe
        7⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        7⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
        7⤵
        
        PID:15820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15573.exe
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        6⤵
        
        PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18354.exe
        5⤵
        Executes dropped EXE
        
        PID:676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12254.exe
        7⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        7⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        7⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52342.exe
        6⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        7⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32361.exe
        7⤵
        
        PID:12204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64877.exe
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        6⤵
        
        PID:216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
        5⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61071.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        6⤵
        
        PID:12284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        6⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51190.exe
        5⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
        5⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59635.exe
        5⤵
        
        PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63391.exe
        6⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12254.exe
        8⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        8⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        8⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38226.exe
        7⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45382.exe
        7⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32252.exe
        7⤵
        
        PID:14576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        6⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 716
        7⤵
        Program crash
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3628.exe
        6⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17317.exe
        6⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        6⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        5⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9707.exe
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
        7⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39083.exe
        7⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
        6⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        7⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13756.exe
        6⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        6⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53754.exe
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
        6⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        6⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20252.exe
        6⤵
        
        PID:15024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        5⤵
        
        PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
        5⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        5⤵
        
        PID:14376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48591.exe
        5⤵
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7998.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
        7⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        7⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43346.exe
        6⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42618.exe
        6⤵
        
        PID:12472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        6⤵
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
        6⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        6⤵
        
        PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41125.exe
        5⤵
        
        PID:11508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
        5⤵
        
        PID:10236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
      4⤵
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
        5⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
        6⤵
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        6⤵
        
        PID:13052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
        5⤵
        
        PID:9320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41741.exe
        5⤵
        
        PID:12528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
        5⤵
        
        PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15205.exe
      4⤵
      PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
        5⤵
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe
        5⤵
        
        PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41439.exe
      4⤵
      PID:9628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
      4⤵
      PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
      4⤵
      PID:6212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57596.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9179.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43629.exe
        7⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        8⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        9⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        9⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53062.exe
        8⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3977.exe
        8⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41366.exe
        7⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32159.exe
        8⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        8⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35626.exe
        8⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53021.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe
        7⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34690.exe
        6⤵
        Executes dropped EXE
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4606.exe
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3410.exe
        8⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe
        8⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7531.exe
        7⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16601.exe
        8⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20743.exe
        7⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        6⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12254.exe
        7⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51734.exe
        7⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        7⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
        6⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23973.exe
        6⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24207.exe
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
        8⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17913.exe
        8⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
        8⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1797.exe
        7⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
        7⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
        7⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23957.exe
        6⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6478.exe
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
        8⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
        7⤵
        
        PID:13356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52554.exe
        6⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46525.exe
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
        6⤵
        
        PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53654.exe
        7⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59453.exe
        7⤵
        
        PID:14124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1698.exe
        6⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
        7⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
        7⤵
        
        PID:388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        6⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        6⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        5⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12254.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        6⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
        6⤵
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33218.exe
        5⤵
        
        PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
        5⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        5⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
        5⤵
        
        PID:10272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8987.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35845.exe
        6⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        7⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
        8⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        8⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        7⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
        7⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
        7⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe
        7⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
        6⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14044.exe
        6⤵
        
        PID:13044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        6⤵
        
        PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41989.exe
        5⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19023.exe
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        7⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55197.exe
        7⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        7⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4677.exe
        6⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
        6⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54369.exe
        6⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        6⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11090.exe
        6⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        6⤵
        
        PID:14356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
        6⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51517.exe
        5⤵
        
        PID:11652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
        5⤵
        
        PID:14512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        6⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24351.exe
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
        7⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56105.exe
        7⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
        6⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
        6⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23199.exe
        6⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        6⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
        6⤵
        
        PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34748.exe
        5⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8049.exe
        6⤵
        
        PID:11064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        6⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        5⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42429.exe
        5⤵
        
        PID:14420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
      4⤵
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2110.exe
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7822.exe
        6⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30634.exe
        7⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11090.exe
        6⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
        6⤵
        
        PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        5⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60182.exe
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe
        5⤵
        
        PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
      4⤵
      PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29279.exe
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
        5⤵
        
        PID:13660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49829.exe
      4⤵
      PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
      4⤵
      PID:11524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19508.exe
      4⤵
      PID:13340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56479.exe
        6⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        8⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63974.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
        7⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
        7⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        7⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2850.exe
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
        7⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        7⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe
        6⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        6⤵
        
        PID:13380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21011.exe
        6⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-101.exe
        5⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        6⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        7⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3932.exe
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5333.exe
        6⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55227.exe
        6⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58765.exe
        5⤵
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33260.exe
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
        6⤵
        
        PID:14440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23372.exe
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        5⤵
        
        PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
        5⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        6⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        7⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        7⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        6⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
        6⤵
        
        PID:11504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        6⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
        5⤵
        
        PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        5⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
        5⤵
        
        PID:12228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24796.exe
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        5⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32418.exe
        5⤵
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        5⤵
        
        PID:14292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
      4⤵
      PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        5⤵
        
        PID:13544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31815.exe
        5⤵
        
        PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51210.exe
      4⤵
      PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
      4⤵
      PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
      4⤵
      PID:9332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45516.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        5⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        6⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14110.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        7⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43346.exe
        6⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20432.exe
        7⤵
        
        PID:11248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38707.exe
        6⤵
        
        PID:12976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        6⤵
        
        PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
        6⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17567.exe
        6⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        5⤵
        
        PID:9068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46179.exe
        5⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52065.exe
        5⤵
        
        PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6437.exe
      4⤵
      PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        5⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        6⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        6⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18245.exe
        5⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
        5⤵
        
        PID:9472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50493.exe
      4⤵
      PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        5⤵
        
        PID:11340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
      4⤵
      PID:8424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39818.exe
      4⤵
      PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
      4⤵
      PID:6228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11417.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
      4⤵
      PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31906.exe
        5⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54317.exe
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
        5⤵
        
        PID:14540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58678.exe
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        5⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        5⤵
        
        PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
      4⤵
      PID:10084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
      4⤵
      PID:13536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
    3⤵
    PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
      4⤵
      PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4780.exe
        5⤵
        
        PID:11764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11090.exe
      4⤵
      PID:10712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13433.exe
      4⤵
      PID:11364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
    3⤵
    PID:8112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1025.exe
    3⤵
    PID:10756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14173.exe
    3⤵
    PID:5600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47411.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47411.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20396.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        7⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        8⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39045.exe
        9⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5644.exe
        9⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18246.exe
        9⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        8⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22533.exe
        7⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55455.exe
        8⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64182.exe
        8⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        8⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
        7⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
        7⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
        7⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        7⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        8⤵
        
        PID:12592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12592 -s 460
        9⤵
        Program crash
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        8⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        7⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
        7⤵
        
        PID:12652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47421.exe
        6⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
        7⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        6⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
        6⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26124.exe
        5⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        6⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        7⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41224.exe
        7⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        6⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
        6⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37681.exe
        6⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        5⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        6⤵
        
        PID:10284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        6⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        5⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53727.exe
        5⤵
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
        5⤵
        
        PID:7924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
        7⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14110.exe
        8⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe
        8⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
        8⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28257.exe
        7⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46374.exe
        6⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
        6⤵
        
        PID:220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
        6⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36629.exe
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1429.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20876.exe
        6⤵
        
        PID:11492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
        6⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        5⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
        6⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16601.exe
        6⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
        5⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28780.exe
        5⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61271.exe
        5⤵
        
        PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56403.exe
      4⤵
      Executes dropped EXE
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41263.exe
        6⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
        6⤵
        
        PID:11268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
        6⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        6⤵
        
        PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
        5⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        5⤵
        
        PID:7440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3941.exe
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        5⤵
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        5⤵
        
        PID:14704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49215.exe
      4⤵
      PID:7192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53188.exe
      4⤵
      PID:11424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47914.exe
      4⤵
      PID:3384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7170.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34175.exe
        7⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3308.exe
        7⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63892.exe
        7⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33526.exe
        6⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51517.exe
        6⤵
        
        PID:11060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
        6⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
        6⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45229.exe
        6⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46525.exe
        5⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        5⤵
        
        PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe
        5⤵
        
        PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19506.exe
      4⤵
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        5⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39195.exe
        6⤵
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59725.exe
        5⤵
        
        PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
      4⤵
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        5⤵
        
        PID:14148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe
      4⤵
      PID:7408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
      4⤵
      PID:10436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10110.exe
      4⤵
      PID:15416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
      4⤵
      PID:9996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50799.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16895.exe
        5⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53.exe
        6⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        7⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
        6⤵
        
        PID:10664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        6⤵
        
        PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53327.exe
        6⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        6⤵
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
        5⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
        5⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37162.exe
        5⤵
        
        PID:8304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        5⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        5⤵
        
        PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47421.exe
      4⤵
      PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        5⤵
        
        PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
      4⤵
      PID:9556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
      4⤵
      PID:13444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35536.exe
      4⤵
      PID:3224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
    3⤵
    - Executes dropped EXE
    PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47839.exe
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52156.exe
        5⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
        5⤵
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6903.exe
        5⤵
        
        PID:8688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
      4⤵
      PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        5⤵
        
        PID:11780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62662.exe
      4⤵
      PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
      4⤵
      PID:11252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
    3⤵
    PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
      4⤵
      PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
      4⤵
      PID:11900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29793.exe
      4⤵
      PID:8260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15413.exe
    3⤵
    PID:8012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23022.exe
    3⤵
    PID:10244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
    3⤵
    PID:11344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46746.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46746.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54556.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12254.exe
        8⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        8⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39276.exe
        8⤵
        
        PID:15772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        7⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        7⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
        7⤵
        
        PID:15900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        7⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49738.exe
        7⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62273.exe
        7⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        6⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49798.exe
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        6⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
        6⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6094.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30250.exe
        8⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        7⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18053.exe
        7⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55227.exe
        7⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44646.exe
        6⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe
        7⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        7⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32038.exe
        6⤵
        
        PID:13300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        6⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17308.exe
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52540.exe
        6⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
        7⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
        6⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
        6⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61558.exe
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
        6⤵
        
        PID:10396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
        6⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62707.exe
        5⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28861.exe
        5⤵
        
        PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63123.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe
      4⤵
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        6⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26165.exe
        6⤵
        
        PID:11076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        6⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28901.exe
        5⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
        6⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24825.exe
        5⤵
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62707.exe
        5⤵
        
        PID:15780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-901.exe
      4⤵
      PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        5⤵
        
        PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        5⤵
        
        PID:10616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-828.exe
      4⤵
      PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57654.exe
      4⤵
      PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
      4⤵
      PID:1216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60508.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
        5⤵
        
        PID:460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9707.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        7⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11180.exe
        7⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58973.exe
        6⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56508.exe
        7⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        7⤵
        
        PID:14332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        6⤵
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        6⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40018.exe
        5⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4958.exe
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7141.exe
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        6⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        5⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        5⤵
        
        PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
      4⤵
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
        5⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10757.exe
        6⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
        6⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18245.exe
        6⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        5⤵
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        5⤵
        
        PID:12836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52602.exe
        5⤵
        
        PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
      4⤵
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
        5⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
        5⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
        5⤵
        
        PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
      4⤵
      PID:8168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
      4⤵
      PID:10336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
      4⤵
      PID:14368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39770.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
      4⤵
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe
        5⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5662.exe
        6⤵
        
        PID:10792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        6⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
        5⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        5⤵
        
        PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27152.exe
        5⤵
        
        PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
      4⤵
      PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
        5⤵
        
        PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe
        5⤵
        
        PID:14396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55821.exe
      4⤵
      PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
      4⤵
      PID:12436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
      4⤵
      PID:7452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47382.exe
    3⤵
    PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
      4⤵
      PID:8020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11090.exe
      4⤵
      PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35242.exe
      4⤵
      PID:6456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
    3⤵
    PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-78.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-78.exe
      4⤵
      PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
      4⤵
      PID:13460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
      4⤵
      PID:15744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34674.exe
    3⤵
    PID:9544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
    3⤵
    PID:13344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
    3⤵
    PID:8280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32188.exe
        6⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11090.exe
        7⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
        7⤵
        
        PID:12904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24853.exe
        6⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        6⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23097.exe
        6⤵
        
        PID:13480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51003.exe
        6⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
        6⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63254.exe
        6⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
        6⤵
        
        PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52346.exe
        5⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        5⤵
        
        PID:13388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
      4⤵
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe
        5⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60067.exe
        6⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
        7⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        7⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
        6⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        6⤵
        
        PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        5⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11452.exe
        5⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        5⤵
        
        PID:14344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        5⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        5⤵
        
        PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51190.exe
      4⤵
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        5⤵
        
        PID:14600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29989.exe
      4⤵
      PID:13100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37682.exe
      4⤵
      PID:5956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65090.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
      4⤵
      PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29090.exe
        5⤵
        
        PID:5492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 724
        6⤵
        Program crash
        
        PID:9604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
        5⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        6⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62662.exe
        5⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
        5⤵
        
        PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
      4⤵
      PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18607.exe
        5⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43139.exe
        6⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        5⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        5⤵
        
        PID:14720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe
      4⤵
      PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
      4⤵
      PID:10708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
      4⤵
      PID:12388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40266.exe
    3⤵
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
      4⤵
      PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        5⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        5⤵
        
        PID:13420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
      4⤵
      PID:9176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
      4⤵
      PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
      4⤵
      PID:15116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
    3⤵
    PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
      4⤵
      PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
      4⤵
      PID:11556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7287.exe
      4⤵
      PID:8096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-828.exe
    3⤵
    PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
      4⤵
      PID:3960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47055.exe
    3⤵
    PID:13124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
    3⤵
    PID:14492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2680.exe
    3⤵
    PID:5776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55594.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55594.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45900.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32255.exe
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
        5⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4126.exe
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        6⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
        5⤵
        
        PID:13392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        5⤵
        
        PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62886.exe
      4⤵
      PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        5⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        5⤵
        
        PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
      4⤵
      PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
      4⤵
      PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9580.exe
      4⤵
      PID:15408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
      4⤵
      PID:10576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12389.exe
    3⤵
    PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe
      4⤵
      PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        5⤵
        
        PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43346.exe
      4⤵
      PID:8816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
      4⤵
      PID:11616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
      4⤵
      PID:11888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27337.exe
    3⤵
    PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
      4⤵
      PID:10720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
      4⤵
      PID:12948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
    3⤵
    PID:8824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14044.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14044.exe
    3⤵
    PID:13056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
    3⤵
    PID:9256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27170.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27170.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
    3⤵
    PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
      4⤵
      PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        5⤵
        
        PID:13456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
        5⤵
        
        PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
      4⤵
      PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38707.exe
      4⤵
      PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
      4⤵
      PID:11224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
    3⤵
    PID:7080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
      4⤵
      PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
      4⤵
      PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
    3⤵
    PID:10188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
    3⤵
    PID:13428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36003.exe
    3⤵
    PID:8944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
  2⤵
  PID:5364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
    3⤵
    PID:9880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
    3⤵
    PID:12800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
    3⤵
    PID:6864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
  2⤵
  PID:5584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
    3⤵
    PID:10220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
    3⤵
    PID:5496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24874.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24874.exe
  2⤵
  PID:9484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24802.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24802.exe
  2⤵
  PID:13320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52828.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52828.exe
  2⤵
  PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5492 -ip 5492
1⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6220 -ip 6220
1⤵
PID:9376

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe

Filesize
468KB

MD5
06818772e164e27fc1d5e11005808480

SHA1
2eae62421f892f0305a8ab92ebe929533a998ec1

SHA256
52732447dfa2c4aba7d6d167c61f80acdf4a236e44a02bc8e7d4c3a899c9afbb

SHA512
be465b7ab7d806d6e6ce3375077bc314ee2a5a8bd2efa34d5190a1b9abfa660119c6ae1c6d1d659450d7e68d41c53845b7c8327e9aba25766d2885932f8a7210

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe

Filesize
468KB

MD5
f939d60e1845cbff3ec0450d72c0d29b

SHA1
357b9c25b22e24c44e9165d625c9365d6a73a53c

SHA256
0d5616305819c89d1e015b25af6c215ff3c362bfcf4aa137b8a01606fb1b2dc4

SHA512
b77c3d5ae837d919092f6b5473e84b9cb93d5c9df62864e0d963d2d55285090da5491565946cffbf904d2430b341184f232f01719d819b3da7daa4bdd33bff9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18460.exe

Filesize
468KB

MD5
b4c0c2e9e75d607e1d8c0fb8f249484c

SHA1
2090c9328fc769fb8fe5ead1984a07194ea90e0e

SHA256
9f93d7655dcc181ba89a80c632b979237a0c4f4fa408406cebb4d35ee3a8e4d9

SHA512
ba91e9cf5a2a2946b7c3c25200bd20fb394367aa92af113ab9e20ea1c5c78ce81a99e3d550a3966d71298e7c56c27a34da049de87e571666d4d35d801fd3f805

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20396.exe

Filesize
468KB

MD5
db4ffcc7813159ee1e04a3945cb0a10a

SHA1
95b2d496df724d6049d73e8b0de922977372fb2a

SHA256
a0056aa9525f4f1395f04dd011ec4fbcc32fd8cc8331e1a1e84852558ce82a5f

SHA512
a1f45df4e488e2339ae25a3ca5802ab566b140a15753491b4e5b1876ffec6211302ae53c403a271351a5845fe7f5c348410e3ca1f52a477bee011ed4b1314043

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe

Filesize
468KB

MD5
4818a4af82d2bea46b51ba2644b16137

SHA1
36c472e7ca2f60c4e96d6719187c4b7ef9a12dc6

SHA256
c8ed91a1c34e576a3548098866440ab30eb610c1a8be193f808293b5ace7d327

SHA512
44b5a0cd3613a2678b1bbc32555b0b47b6e6349b37c98fa114ee38af5cf5ef55009b9a8af557b4e9565b7f519532199cd84bd54c5868993011b45512ef6045fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe

Filesize
468KB

MD5
a35fe9979a7778bd483a21056a60dba4

SHA1
1cb22eb0828b1966efb19b7d825c4e1f126e9bbc

SHA256
f18f33865aef72ddba825148a613088eb0224a69e96b4181b616ed4863990ad7

SHA512
c94c1259d75724733f1e72def88006bf207f5222e1ba78e50d35d7d57b1a7ce5e1e3907bbb7dafb8656dab6a6ca38e42d2b7a84e20689d2d2e9dfadf00f79d22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe

Filesize
468KB

MD5
60acbeb6074842f7e4f6691f66207bf5

SHA1
5417cbf8a2f9c805f86e8299c67b7bb832fb9e58

SHA256
8be2f6d13e449ab4e798cd155974009ce9209cd802ae289ace3d72594de4e1ea

SHA512
549ea046dc5fccf8ae86023bf7e478609f3a986fcf12b9eed2df440311681ca70494697e1d873bd10b9c5f89970d9d627692c62b9c1ddb28fab41a0a38125367

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30447.exe

Filesize
468KB

MD5
294b4c1b08e10a19ef2040195afdf9bf

SHA1
a1b0e1b2ee672139a3381916f1a83a9b3ddfa897

SHA256
c4207a3678bad583bb48e7143cac6ccdefc83f8910b3f405553edd3d625e3124

SHA512
1cc0fee43d26f97501e6acb1338c1ab93cf1758ca1f9655a266541e60a6ff46bcb9d32b54bf13bd34f5468cb75b907b0f39909ec624b9f059265cdfa694a6b1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe

Filesize
468KB

MD5
85172620721ea235d64a5fbfa280012a

SHA1
28f4127d405722698326f66107e77cd838591205

SHA256
86c6bad8ec26d21fe9d804e273464d0a67e55e7651e9d4c82c5be0a4bb2f13a9

SHA512
93747faec7e1cdf2ad7a65f1a5b9785f322e0beeab7a61ef689c354029db9aef6e8be172aa4207c6efdc867d4b6948150a20b3cd950e88508f16c645b28f183a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe

Filesize
468KB

MD5
58a907efb970a57941f8c9b02ce50b2b

SHA1
836c6968c4401cd5f1060d977ff3556858f95e54

SHA256
861baebf57f6ce77ac6eaed87d537e369378ff865fd5599f5a998cfea8e8b66e

SHA512
43efaa04e2f9407e70e0383554abd86ae01109296ca50a146eaee5ca225622904add55ae230040960341c8ababacbff0e30312040693df6f39034f1d08009e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe

Filesize
468KB

MD5
7729d1179f7ee725d9147a4f59e1977b

SHA1
908bec57147daa175e0ae10e924b54c6d0f56391

SHA256
fa0db517b802e279ed4078a5ce455c408e30d67a8abbfefbc524a2ea834151cd

SHA512
adb8f5817df7cead6d22bd2cdbe4fb9c2e854cabe6fdbfa9db46276a32f73b52ec74b28494802244708054ae1c2dd9be193e879f69911c61b6950c79baf749ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe

Filesize
468KB

MD5
795a7ecc040d1d98652d3217734a5881

SHA1
7e6922f3fb8b2cccfc59e18d891ce3796e748c37

SHA256
abcf82ff9154ce027989037a17b77c75f94a3448d5c86e105ad8839ea8ceb4c2

SHA512
0272a28a54f71480fe64f540a213a3686d7ec931bba130e75fa1be0fd36f9956b999973be23996926bd1e561180522e14c5e1e6a0d82567da4900555a2d165c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe

Filesize
468KB

MD5
1cc6ae6af04d50b9b0d70499b72c709a

SHA1
930598ccc1ef7a755903cff38c333ac0a5a9d174

SHA256
3c4d6c7aad279d6d578f5de398be631b061d3e9e7f871082ae721f0ff5c63209

SHA512
c09062045d12e097156c5aad1d5d49de432efc8e8f5c45ffd5b5d2a0db02aee9992a004c8dfb7d3e142fa642c99b4365f0734d508edf273823a357ea1fa95068

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4251.exe

Filesize
468KB

MD5
5bd38e4ffd665553434c54fc87f2db41

SHA1
cddd1b8f2a783dd1034aad9c93389c29943c1e4f

SHA256
4f7963f4c5316cf9c7d51f0f8e5e8d9005c08801f7c20e581eb9e5c7141f843f

SHA512
d4d4ee6f7f411180d0b5f676b7382e20df8a0fc2a9f395daf3fb51514938ac61e3e03001fba4c656caa1c6236dcba5d434dae3a63ea3b5b0123d710ba97d5451

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe

Filesize
468KB

MD5
dd1a48639b6dfc0b8c2d2564994ffed3

SHA1
775c7fa89394e11c0ed7442592c149ff3c511544

SHA256
ae66ce0a83afb7162e138310c6c6fc89130c5170c8bdddc36fb80c72e94c37a1

SHA512
a76958ef38fa3e6a0a04554a3e13a5a17501cc8a1313bda03a123fc14fa868d1b73b2d6d091396cdcf29e8145f47fba4f57b925da8f277bd125c824a8ce54c25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe

Filesize
468KB

MD5
4ef82e86601432705e8771885e35231d

SHA1
75b318e4d36cba9fa5e516c9db205a83cabd66c4

SHA256
cf7eb73ea1f36abdf623db8275086a8465f4431673cc1a74658c0a50bf52f32f

SHA512
1d7b1dd8887958d35866f71fa158d589cacea08f25de008385c0dca0534cd9f70d7022f0dab88741ee81c2cbc7d4243fac3c3fac1a57b6a97b16bdc438759cb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4482.exe

Filesize
468KB

MD5
beea8cec530461798ff9d7c1a368c209

SHA1
98fa0070f72478fe315be44a5d4eac11b6c6f481

SHA256
f657e7fb47b3165d2eebfdd3d674f3cde160559d0585e84cb123290356b1ce24

SHA512
7d2ab523e1de9ac442019b47b00412ce41df8e2a9af2f3864c3e5c3ae98912533c9e702241246127cb13478da8b9fbf85e523c32f209c30e4bd33fabbc69b3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46746.exe

Filesize
468KB

MD5
72651760452dd0ebed3d815b6742538e

SHA1
d40b7e5d0a1d2085f876e071c350d28550a78680

SHA256
bb9654c603c08c019fe1ea2a992f2960c21cb8050d947bcb1988db04b11379dc

SHA512
698a37abeaf70e4eabe6f04d20a35e77473c81a8a049c6099ef1c3a4e7f107276ce34549e93f9e33758b1074f57e9d2fb0dfc7715c2ae4c4db409ab61afc6989

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47411.exe

Filesize
468KB

MD5
edd29f080a9fce7223e05780da871a01

SHA1
8a0aa0d8de1596d513ac01e4d6037bac20ce2497

SHA256
c9ff71b9f2bdfbf73659e57eb49db2fdfae134a61c8670ff59023a8c4aaedbf5

SHA512
67439356793d83aeac661106e383922265ebcfedaa5d3ce8886d0838831815c1c3dc659e56854d99818bff1e98fd73871b36045477d549204505b8fb65044085

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe

Filesize
468KB

MD5
9bb5e6bc05f1a0c94d3c2e68f1c69a08

SHA1
ba7b17c8d11428e4927ca5329213d0c61c42d7ee

SHA256
74b857d343b7164f9549cb0b331e63ae2eb9ae5aed5cc5297d176cea1e5be2ca

SHA512
1e7c04f247f29b333a3606472a8cb6d1c6776725d2488ab88d897183114adc9728748ca939cd6be197f8775e8137c0626d22e8e642488b3668243952eca27e8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe

Filesize
468KB

MD5
99e82d4de8735c9da69a6ac51cc2a305

SHA1
07150f7fe044ead9117b959d8b872675b878cbb6

SHA256
4ae050008f9a11e0786d2e8d7de1f646e80072a659df5479d1c87a3332c0f71a

SHA512
2d0ff970d73f47b4822f11f83f57ab3b3fe31b9b89e8605ea8a349bcca38ef4195aa07b1ed991e44125f573417dbdbb6cfadd206b6d5d596cb85e34f55f748b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe

Filesize
468KB

MD5
100713d5748e3dfcfe39aa66f0f15f46

SHA1
fb23fff0e01cdc92baad69a432b4ac32fc016bf1

SHA256
0107e3e4a0523626664981bf3ce03a29482dbdfbddd4a187f96e4305c7ee00b0

SHA512
a37d611d6fc9ca9c850fca0c707b8bbd691cfa2108ec243031dcd3a421332fab9dc88d535ef55b871ea4ab22f51e543ef2196e34d94ae4daccd39485960a41ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe

Filesize
468KB

MD5
7248e8e7af6bfeb33224f34ec886aabc

SHA1
b3841bbe2d684a4d009e47a6a177d575f5093187

SHA256
f07094fa80ae1109f7def8fb7df71abcbd576e717c9d515e65be6bf641fd3f93

SHA512
c49bfc75cf57275ee9c6320c3af6bf5f28af5d07393017b5c61eb98c136e8424eb390cb5fcfe511416f88ac42e71a6dbf5aec1655c67e6b5eb88e35855eef231

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe

Filesize
468KB

MD5
8d03a4d848aa3be81bcff69c87b57ee7

SHA1
2610b9f89bcd9dfc14399eeb0de16204d0920667

SHA256
b7e6c6bb10a13f5be935dc0731d7edf1a2c247fd614f9e11b30f082b3f41a55e

SHA512
bebc0bdfcf9ed833da3b878a7d92bce5622e693035f1d88359a42b229cae8f83870da1555b8452b9510a6254e3b3792163b39bc2ad7cfd14f884736de6bef759

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe

Filesize
468KB

MD5
e874211eedfe0bf081ffd3f77a9a91a4

SHA1
7e7f5d6b2bafff0a3ea5b550720ddc20b8399507

SHA256
bf16f4b52e212e0bf1e3008f2779c5e0dde49e25652c0523d1b40ff3308d42c7

SHA512
9a0d1e001738069f6ce249eb2fa97fee62ff495b46d0594495b1448efe265be520a87cb00d25cf54c81fd41295bafbb0881905154d83923f1208e30437f7cec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55594.exe

Filesize
468KB

MD5
84f8d0c65a75fbdbbdd8db6e7645c4a7

SHA1
784725d6149b0f5671e71f9670da0911eb723828

SHA256
1b8296016e25685ce4899cc355bb3e0ccacd3b3de431ee790b88bfbb954a1010

SHA512
f4c18eda2955fdda6c7baf180d71afc858666a6cb6126fd9ee87a3628965894e8fc9e5427549814133311bdb683b1bd5510770bab16422f9889810b532679936

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57596.exe

Filesize
468KB

MD5
0565f8252420885e9df2d8c29c3a2b6d

SHA1
fd1288cb854568851d090b095b2a2ad5523e8a34

SHA256
4330ac9a1448ef96fae1bc19c5ebdd764ee71615f17dbe023b1bb8c8793ccf4a

SHA512
939ee9ecfc30e879a849d643187fef4235ff58a751158c9e71f992cd651752e9abd642ac3493a6801fc94d6c8c4949070e2349ca868d2824cf8f46a294a55251

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7141.exe

Filesize
468KB

MD5
e2fa3c02411ff1c05eeff68bb64ee464

SHA1
54cbdfb2a16d88a38ed74eab8370e5eb450eb57b

SHA256
70cb37f0b445b0124207d89363765fb221c5b58de9ecadec114d162ae2e90281

SHA512
85598ea37034f47afd11ce1cb08433edf92fc2c42fdd1c1bbe087d8272189655cfa0faf3497d859a1cd83ca0976237376c08c899d6b4988ecf733cb7b715a77e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7170.exe

Filesize
468KB

MD5
c0117b1d1cfdb5cbc1d9e90766b0a36d

SHA1
005161bad471808ace5ac5c555d0601dd9b9f836

SHA256
501c844ebad0056a08ef827b3e733b9443a3259c1384573a2efb1a90ec03c59c

SHA512
edf86f52aaa16ed5261b270f0834a10d6cedb17dae6d4374a63a1e34fcf6a2d0f48420fe7d52d51dc3459d290273fd54b428f3c0880179b17b005759b7bb27dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe

Filesize
468KB

MD5
31ce75ca44946c01fbe6d92fafcac520

SHA1
b5311f63162fd199b4b684bc6ea30b9bc4b8054a

SHA256
6edd3012c553863aff7b33f21b2df60c0efe55e30ba290d76bb5e2b776539782

SHA512
fb3bdc323066fb10b24841821ce9678c041248361ec5ee19d634e945248d37a0ac861099ea3d537f10194d10c3c9d493613ed35aaeaf15bb5cb083aad3f983e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8987.exe

Filesize
468KB

MD5
b0f1d18ef07488e39f6f356ad7cdaea1

SHA1
6a2b72d478d9b41e2bd70bc3455e3ef8c3623efe

SHA256
03915dd2ef6662b18afb91444d728cdd6906cdc725a54b41513e36581a3703e5

SHA512
814d0bba1eeea806ad57a0146d133fb2b2419db93e9f2d2214c38241fe10f9dbc3007157a683a5b0aa3189c1e5d762fd45cefb8c5ba2f434d3ba48282a0582ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9179.exe

Filesize
468KB

MD5
a17db14739fc682a0587ae409c141430

SHA1
dcaf45ce6bf43d277fdc0776239bf95f3fc0008c

SHA256
f566048c77fc9e858d99b54ba7fee3285c870f3ddc4ea93b36574dd9f8109f26

SHA512
c5a2c18cfa759be6bdba249cad52702e81c414101843684dc6f4f253613eae73f340f5793119a455b242b0f043af7da3890dc186412fbe3ebbf3a220c90577b0

Download Submit
memory/312-118-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/376-193-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/436-12-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/460-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/540-93-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/676-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/700-483-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/736-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/764-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/848-535-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/916-506-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/932-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/948-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1056-125-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1088-486-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1096-522-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1164-305-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1212-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1300-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1536-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1564-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1632-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1636-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1676-500-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1720-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1836-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1844-525-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1864-250-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1964-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1988-40-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2024-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2040-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2192-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2200-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2252-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2264-219-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2304-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2476-176-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2536-223-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2568-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2572-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2604-264-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2624-479-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2632-399-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2840-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2884-84-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2900-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2992-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3052-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3140-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3172-485-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3228-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3380-487-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3392-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3396-482-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3408-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3420-270-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3464-62-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3624-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3720-18-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3804-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3812-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3848-132-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3852-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3892-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3932-283-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3940-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3944-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4020-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4188-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4216-411-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4300-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4404-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4416-217-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4452-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4484-398-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4488-265-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4520-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4556-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4624-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4644-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4668-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4740-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4808-480-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4836-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4848-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4876-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4920-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4936-528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4972-499-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5096-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5116-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5124-536-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5328-571-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5340-568-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5364-572-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads