c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75

Analysis

max time kernel
99s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe
Size

184KB
MD5

b7e46371c281f616e3571a4559e6e0d0
SHA1

7bdc97f17da02cd99c0fbc722d91da8a4d3251c9
SHA256

c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75
SHA512

aba70bbec78db9302447435fdc27eee38f252bb26276f3265afb9b4f7b2e3db7e3283077bb50f5c4b459039106b3771a14cb284e093b3933314be5e459ff0d8c
SSDEEP

3072:ITr6dLozTjXPdylA8d9B7ssSlvnqnziu:ITIoz1yl1BgsSlPqnziu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2372	Unicorn-18544.exe
3536	Unicorn-18067.exe
2724	Unicorn-45757.exe
4540	Unicorn-55363.exe
4572	Unicorn-16176.exe
3520	Unicorn-6162.exe
3420	Unicorn-2249.exe
2784	Unicorn-26643.exe
3984	Unicorn-5324.exe
1048	Unicorn-109.exe
3212	Unicorn-41692.exe
2056	Unicorn-45392.exe
3084	Unicorn-41235.exe
4008	Unicorn-24073.exe
2684	Unicorn-6013.exe
228	Unicorn-41552.exe
1016	Unicorn-14587.exe
724	Unicorn-17619.exe
1832	Unicorn-11296.exe
3928	Unicorn-24355.exe
1096	Unicorn-48398.exe
2172	Unicorn-7442.exe
1692	Unicorn-10130.exe
2860	Unicorn-25242.exe
4532	Unicorn-38313.exe
3524	Unicorn-58179.exe
844	Unicorn-2848.exe
2456	Unicorn-21785.exe
64	Unicorn-44147.exe
436	Unicorn-7177.exe
3676	Unicorn-62320.exe
1572	Unicorn-42070.exe
4480	Unicorn-61936.exe
4944	Unicorn-41053.exe
1412	Unicorn-51184.exe
4320	Unicorn-32937.exe
536	Unicorn-35206.exe
2744	Unicorn-16082.exe
3712	Unicorn-20515.exe
3880	Unicorn-50919.exe
2760	Unicorn-36310.exe
4812	Unicorn-255.exe
3896	Unicorn-20207.exe
3936	Unicorn-31283.exe
3572	Unicorn-62730.exe
4552	Unicorn-17744.exe
4132	Unicorn-28713.exe
4728	Unicorn-54547.exe
4844	Unicorn-41584.exe
4520	Unicorn-29446.exe
936	Unicorn-32246.exe
3528	Unicorn-38678.exe
3276	Unicorn-39555.exe
612	Unicorn-42051.exe
1876	Unicorn-42051.exe
2316	Unicorn-58771.exe
220	Unicorn-42087.exe
4208	Unicorn-51873.exe
1064	Unicorn-38137.exe
2548	Unicorn-35345.exe
3624	Unicorn-2066.exe
1676	Unicorn-34000.exe
1620	Unicorn-33616.exe
1532	Unicorn-13750.exe

Program crash 10 IoCs

pid	pid_target	Process	procid_target
5640	5316	WerFault.exe	192
3544	1676	WerFault.exe	146
6084	4288	WerFault.exe	175
8632	1676	WerFault.exe	146
8604	5360	WerFault.exe	193
8596	4288	WerFault.exe	175
9496	5360	WerFault.exe	193
1760	2716	WerFault.exe	220
12716	2716	WerFault.exe	220
18164	19060	WerFault.exe	999

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
548	c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe
2372	Unicorn-18544.exe
2724	Unicorn-45757.exe
3536	Unicorn-18067.exe
4540	Unicorn-55363.exe
4572	Unicorn-16176.exe
3520	Unicorn-6162.exe
3420	Unicorn-2249.exe
2784	Unicorn-26643.exe
3984	Unicorn-5324.exe
3212	Unicorn-41692.exe
2056	Unicorn-45392.exe
1048	Unicorn-109.exe
2684	Unicorn-6013.exe
3084	Unicorn-41235.exe
4008	Unicorn-24073.exe
228	Unicorn-41552.exe
1016	Unicorn-14587.exe
724	Unicorn-17619.exe
1832	Unicorn-11296.exe
3928	Unicorn-24355.exe
1096	Unicorn-48398.exe
2172	Unicorn-7442.exe
1692	Unicorn-10130.exe
4532	Unicorn-38313.exe
2860	Unicorn-25242.exe
3524	Unicorn-58179.exe
2456	Unicorn-21785.exe
844	Unicorn-2848.exe
64	Unicorn-44147.exe
436	Unicorn-7177.exe
3676	Unicorn-62320.exe
4480	Unicorn-61936.exe
1572	Unicorn-42070.exe
4944	Unicorn-41053.exe
1412	Unicorn-51184.exe
4320	Unicorn-32937.exe
536	Unicorn-35206.exe
2744	Unicorn-16082.exe
3712	Unicorn-20515.exe
3880	Unicorn-50919.exe
2760	Unicorn-36310.exe
4812	Unicorn-255.exe
3896	Unicorn-20207.exe
3936	Unicorn-31283.exe
4552	Unicorn-17744.exe
3572	Unicorn-62730.exe
4132	Unicorn-28713.exe
4728	Unicorn-54547.exe
4844	Unicorn-41584.exe
4520	Unicorn-29446.exe
936	Unicorn-32246.exe
3528	Unicorn-38678.exe
612	Unicorn-42051.exe
3276	Unicorn-39555.exe
2316	Unicorn-58771.exe
1876	Unicorn-42051.exe
220	Unicorn-42087.exe
1064	Unicorn-38137.exe
4208	Unicorn-51873.exe
3624	Unicorn-2066.exe
2548	Unicorn-35345.exe
1620	Unicorn-33616.exe
1676	Unicorn-34000.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 548 wrote to memory of 2372	548	c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe	85
PID 548 wrote to memory of 2372	548	c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe	85
PID 548 wrote to memory of 2372	548	c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe	85
PID 2372 wrote to memory of 3536	2372	Unicorn-18544.exe	86
PID 2372 wrote to memory of 3536	2372	Unicorn-18544.exe	86
PID 2372 wrote to memory of 3536	2372	Unicorn-18544.exe	86
PID 548 wrote to memory of 2724	548	c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe	87
PID 548 wrote to memory of 2724	548	c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe	87
PID 548 wrote to memory of 2724	548	c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe	87
PID 2724 wrote to memory of 4540	2724	Unicorn-45757.exe	88
PID 2724 wrote to memory of 4540	2724	Unicorn-45757.exe	88
PID 2724 wrote to memory of 4540	2724	Unicorn-45757.exe	88
PID 548 wrote to memory of 4572	548	c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe	89
PID 548 wrote to memory of 4572	548	c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe	89
PID 548 wrote to memory of 4572	548	c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe	89
PID 3536 wrote to memory of 3520	3536	Unicorn-18067.exe	90
PID 3536 wrote to memory of 3520	3536	Unicorn-18067.exe	90
PID 3536 wrote to memory of 3520	3536	Unicorn-18067.exe	90
PID 2372 wrote to memory of 3420	2372	Unicorn-18544.exe	91
PID 2372 wrote to memory of 3420	2372	Unicorn-18544.exe	91
PID 2372 wrote to memory of 3420	2372	Unicorn-18544.exe	91
PID 4540 wrote to memory of 2784	4540	Unicorn-55363.exe	92
PID 4540 wrote to memory of 2784	4540	Unicorn-55363.exe	92
PID 4540 wrote to memory of 2784	4540	Unicorn-55363.exe	92
PID 2724 wrote to memory of 3984	2724	Unicorn-45757.exe	93
PID 2724 wrote to memory of 3984	2724	Unicorn-45757.exe	93
PID 2724 wrote to memory of 3984	2724	Unicorn-45757.exe	93
PID 3520 wrote to memory of 1048	3520	Unicorn-6162.exe	94
PID 3520 wrote to memory of 1048	3520	Unicorn-6162.exe	94
PID 3520 wrote to memory of 1048	3520	Unicorn-6162.exe	94
PID 4572 wrote to memory of 3212	4572	Unicorn-16176.exe	95
PID 4572 wrote to memory of 3212	4572	Unicorn-16176.exe	95
PID 4572 wrote to memory of 3212	4572	Unicorn-16176.exe	95
PID 3420 wrote to memory of 2056	3420	Unicorn-2249.exe	96
PID 3420 wrote to memory of 2056	3420	Unicorn-2249.exe	96
PID 3420 wrote to memory of 2056	3420	Unicorn-2249.exe	96
PID 548 wrote to memory of 3084	548	c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe	97
PID 548 wrote to memory of 3084	548	c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe	97
PID 548 wrote to memory of 3084	548	c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe	97
PID 3536 wrote to memory of 4008	3536	Unicorn-18067.exe	98
PID 3536 wrote to memory of 4008	3536	Unicorn-18067.exe	98
PID 3536 wrote to memory of 4008	3536	Unicorn-18067.exe	98
PID 2372 wrote to memory of 2684	2372	Unicorn-18544.exe	99
PID 2372 wrote to memory of 2684	2372	Unicorn-18544.exe	99
PID 2372 wrote to memory of 2684	2372	Unicorn-18544.exe	99
PID 2784 wrote to memory of 228	2784	Unicorn-26643.exe	100
PID 2784 wrote to memory of 228	2784	Unicorn-26643.exe	100
PID 2784 wrote to memory of 228	2784	Unicorn-26643.exe	100
PID 4540 wrote to memory of 1016	4540	Unicorn-55363.exe	101
PID 4540 wrote to memory of 1016	4540	Unicorn-55363.exe	101
PID 4540 wrote to memory of 1016	4540	Unicorn-55363.exe	101
PID 3984 wrote to memory of 724	3984	Unicorn-5324.exe	102
PID 3984 wrote to memory of 724	3984	Unicorn-5324.exe	102
PID 3984 wrote to memory of 724	3984	Unicorn-5324.exe	102
PID 2724 wrote to memory of 1832	2724	Unicorn-45757.exe	103
PID 2724 wrote to memory of 1832	2724	Unicorn-45757.exe	103
PID 2724 wrote to memory of 1832	2724	Unicorn-45757.exe	103
PID 3084 wrote to memory of 3928	3084	Unicorn-41235.exe	104
PID 3084 wrote to memory of 3928	3084	Unicorn-41235.exe	104
PID 3084 wrote to memory of 3928	3084	Unicorn-41235.exe	104
PID 548 wrote to memory of 1096	548	c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe	105
PID 548 wrote to memory of 1096	548	c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe	105
PID 548 wrote to memory of 1096	548	c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe	105
PID 2684 wrote to memory of 2172	2684	Unicorn-6013.exe	106

C:\Users\Admin\AppData\Local\Temp\c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe
"C:\Users\Admin\AppData\Local\Temp\c065c52afbd00fb43b24caf9a809937109b96d008975a1fd3a19b931871d0d75.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-109.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44147.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42051.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        9⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65150.exe
        10⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18519.exe
        10⤵
        
        PID:14392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
        10⤵
        
        PID:17772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        9⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        9⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        9⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
        8⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
        8⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
        8⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37252.exe
        8⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
        8⤵
        
        PID:18856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        8⤵
        
        PID:19284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53921.exe
        7⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        8⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2126.exe
        8⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
        8⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
        8⤵
        
        PID:17508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51596.exe
        7⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59669.exe
        7⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
        7⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2066.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        8⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        8⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3700.exe
        8⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26132.exe
        8⤵
        
        PID:16948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        8⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
        8⤵
        
        PID:16856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62906.exe
        8⤵
        
        PID:16908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34203.exe
        7⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe
        7⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
        7⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60344.exe
        7⤵
        
        PID:17940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61041.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23767.exe
        7⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25451.exe
        7⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        7⤵
        
        PID:19084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
        6⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
        6⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe
        6⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39555.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15458.exe
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
        8⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        8⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        8⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        8⤵
        
        PID:15860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        7⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4919.exe
        7⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        7⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
        7⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26070.exe
        6⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57870.exe
        7⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
        7⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
        7⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        7⤵
        
        PID:16468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        7⤵
        
        PID:19196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
        6⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
        6⤵
        
        PID:13836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
        6⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        6⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11234.exe
        6⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
        7⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61797.exe
        7⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
        7⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
        7⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30920.exe
        6⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        6⤵
        
        PID:13624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        6⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
        6⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        6⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        6⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36373.exe
        6⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39580.exe
        6⤵
        
        PID:17372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40519.exe
        5⤵
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
        5⤵
        
        PID:16540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59576.exe
        5⤵
        
        PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58179.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19299.exe
        7⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        8⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        8⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe
        8⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48039.exe
        8⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37236.exe
        7⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
        8⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39780.exe
        8⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
        8⤵
        
        PID:18704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43436.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        7⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12475.exe
        7⤵
        
        PID:16576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21338.exe
        7⤵
        
        PID:19184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25318.exe
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26945.exe
        7⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
        7⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe
        7⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        7⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36764.exe
        6⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        6⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        6⤵
        
        PID:16984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23067.exe
        7⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
        7⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
        7⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        7⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        7⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
        7⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23534.exe
        6⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
        6⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        6⤵
        
        PID:15996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
        6⤵
        
        PID:18652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
        5⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58654.exe
        6⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14324.exe
        6⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        6⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
        6⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        5⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22654.exe
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62101.exe
        5⤵
        
        PID:13264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8791.exe
        5⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        5⤵
        
        PID:19104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe
        5⤵
        
        PID:19404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42051.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
        6⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16065.exe
        7⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        7⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        7⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        7⤵
        
        PID:18688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        6⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        6⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        6⤵
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        6⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        6⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        6⤵
        
        PID:11524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6477.exe
        6⤵
        
        PID:16712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4061.exe
        6⤵
        
        PID:18364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe
        5⤵
        
        PID:9604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        5⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
        5⤵
        
        PID:18412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8722.exe
        5⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe
        6⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe
        7⤵
        
        PID:16440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        6⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21095.exe
        6⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
        6⤵
        
        PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18491.exe
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        6⤵
        
        PID:11836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
        6⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61720.exe
        6⤵
        
        PID:19244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
        6⤵
        
        PID:18880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
        5⤵
        
        PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
        5⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4388.exe
        5⤵
        
        PID:16084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        5⤵
        
        PID:18776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31136.exe
      4⤵
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        5⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        5⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1700.exe
        5⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44929.exe
        5⤵
        
        PID:17992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
      4⤵
      PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
      4⤵
      PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1398.exe
      4⤵
      PID:12244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24572.exe
      4⤵
      PID:15880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
      4⤵
      PID:6672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36310.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35510.exe
        6⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
        8⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7278.exe
        8⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
        8⤵
        
        PID:18664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        7⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49896.exe
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51100.exe
        7⤵
        
        PID:15828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60344.exe
        7⤵
        
        PID:17756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        6⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        6⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        6⤵
        
        PID:16012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
        5⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        6⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        6⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        6⤵
        
        PID:12444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
        6⤵
        
        PID:15924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        6⤵
        
        PID:18184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10116.exe
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        6⤵
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
        6⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        5⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        5⤵
        
        PID:11564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
        5⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
        5⤵
        
        PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41584.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
        6⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
        8⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53247.exe
        8⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        8⤵
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        8⤵
        
        PID:17884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
        7⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
        7⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32779.exe
        7⤵
        
        PID:17480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        6⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        7⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        7⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47055.exe
        7⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13230.exe
        7⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        6⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        6⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        6⤵
        
        PID:17024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        5⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        6⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        6⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39204.exe
        6⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe
        6⤵
        
        PID:19036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
        5⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
        5⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        5⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56947.exe
        5⤵
        
        PID:18220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32246.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        5⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34113.exe
        6⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23140.exe
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        6⤵
        
        PID:16096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe
        6⤵
        
        PID:18400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58526.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
        6⤵
        
        PID:14876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1838.exe
        6⤵
        
        PID:17452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        5⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        5⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        5⤵
        
        PID:14964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
        5⤵
        
        PID:17540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        5⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        5⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        5⤵
        
        PID:12416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45132.exe
        5⤵
        
        PID:15888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
        5⤵
        
        PID:18224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47103.exe
      4⤵
      PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe
      4⤵
      PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28622.exe
      4⤵
      PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65460.exe
      4⤵
      PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
      4⤵
      PID:18736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7442.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        6⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40118.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
        8⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe
        8⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        7⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        7⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        7⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31508.exe
        7⤵
        
        PID:17400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
        7⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
        7⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        7⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
        6⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51605.exe
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
        6⤵
        
        PID:16508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        6⤵
        
        PID:18512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57575.exe
        5⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        6⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23140.exe
        6⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49896.exe
        6⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
        6⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
        6⤵
        
        PID:17476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
        5⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11870.exe
        5⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48327.exe
        5⤵
        
        PID:11900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32673.exe
        5⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59334.exe
        5⤵
        
        PID:17836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25635.exe
        5⤵
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        6⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        6⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        6⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        6⤵
        
        PID:15956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24968.exe
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58526.exe
        6⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
        6⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        5⤵
        
        PID:9596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe
        5⤵
        
        PID:13136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
        5⤵
        
        PID:15348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
        5⤵
        
        PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
      4⤵
      PID:4288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 484
        5⤵
        Program crash
        
        PID:6084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 504
        5⤵
        Program crash
        
        PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8964.exe
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47278.exe
        5⤵
        
        PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        5⤵
        
        PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
        5⤵
        
        PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64527.exe
      4⤵
      PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
      4⤵
      PID:11488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45148.exe
      4⤵
      PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42071.exe
      4⤵
      PID:6840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        5⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        6⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21095.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
        6⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
        5⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
        6⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
        6⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        6⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45493.exe
        6⤵
        
        PID:18604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4504.exe
        5⤵
        
        PID:9284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
        5⤵
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63388.exe
        5⤵
        
        PID:14124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        5⤵
        
        PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
      4⤵
      PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29793.exe
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
        6⤵
        
        PID:16480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
        6⤵
        
        PID:19072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23140.exe
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49896.exe
        5⤵
        
        PID:12372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45516.exe
        5⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42279.exe
        5⤵
        
        PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63862.exe
      4⤵
      PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63131.exe
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        5⤵
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
      4⤵
      PID:9300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25659.exe
      4⤵
      PID:11796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18765.exe
      4⤵
      PID:16072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56947.exe
      4⤵
      PID:17936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        5⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        5⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
        5⤵
        
        PID:13528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        5⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        5⤵
        
        PID:19224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50972.exe
      4⤵
      PID:7116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
      4⤵
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
      4⤵
      PID:12856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53480.exe
      4⤵
      PID:15780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
      4⤵
      PID:18992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
    3⤵
    PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5005.exe
      4⤵
      PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57541.exe
      4⤵
      PID:9392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27006.exe
      4⤵
      PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
      4⤵
      PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
      4⤵
      PID:6064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
    3⤵
    PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10493.exe
      4⤵
      PID:12892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
      4⤵
      PID:15804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52399.exe
      4⤵
      PID:18676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
    3⤵
    PID:9608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
    3⤵
    PID:11340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7319.exe
    3⤵
    PID:14376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23933.exe
    3⤵
    PID:16512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45757.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45757.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26643.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41552.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 632
        8⤵
        Program crash
        
        PID:3544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 632
        8⤵
        Program crash
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        8⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37404.exe
        8⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
        8⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        8⤵
        
        PID:17492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45295.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31320.exe
        7⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        7⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37825.exe
        7⤵
        
        PID:19172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
        7⤵
        
        PID:19212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        6⤵
        Executes dropped EXE
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46611.exe
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        8⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37404.exe
        8⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
        8⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        8⤵
        
        PID:17876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        7⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
        7⤵
        
        PID:18300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16468.exe
        6⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26494.exe
        6⤵
        
        PID:12452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46051.exe
        6⤵
        
        PID:16040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        6⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34467.exe
        6⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
        7⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        8⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37404.exe
        8⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        8⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64575.exe
        8⤵
        
        PID:17444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21575.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        7⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13966.exe
        7⤵
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe
        7⤵
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        6⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32353.exe
        7⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
        7⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
        7⤵
        
        PID:19220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
        7⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        6⤵
        
        PID:13600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        6⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24911.exe
        5⤵
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        7⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
        7⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
        7⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
        7⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        7⤵
        
        PID:18560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
        6⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25454.exe
        6⤵
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        6⤵
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8261.exe
        6⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
        6⤵
        
        PID:18972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47223.exe
        5⤵
        
        PID:2716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 632
        6⤵
        Program crash
        
        PID:1760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 632
        6⤵
        Program crash
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        5⤵
        
        PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60722.exe
        5⤵
        
        PID:10764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe
        5⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39030.exe
        5⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46996.exe
        5⤵
        
        PID:19180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14587.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61936.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63206.exe
        7⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 632
        8⤵
        Program crash
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 632
        8⤵
        Program crash
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35783.exe
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43052.exe
        7⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        7⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14395.exe
        7⤵
        
        PID:17016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57482.exe
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53247.exe
        7⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
        7⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48239.exe
        7⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30219.exe
        6⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
        6⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61432.exe
        6⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
        6⤵
        
        PID:18240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        5⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        6⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3904.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41556.exe
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        7⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe
        7⤵
        
        PID:19228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20808.exe
        7⤵
        
        PID:19444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        6⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exe
        6⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1636.exe
        6⤵
        
        PID:18196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32805.exe
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
        6⤵
        
        PID:12060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
        6⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
        6⤵
        
        PID:17852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34075.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26494.exe
        5⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48355.exe
        5⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
        5⤵
        
        PID:18204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
        5⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        7⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14324.exe
        7⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        7⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        7⤵
        
        PID:16432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29851.exe
        6⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        6⤵
        
        PID:10832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        6⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59640.exe
        6⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
        6⤵
        
        PID:18268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41556.exe
        6⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
        6⤵
        
        PID:16568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20014.exe
        6⤵
        
        PID:17872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38684.exe
        5⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61477.exe
        5⤵
        
        PID:16560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
        5⤵
        
        PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
      4⤵
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32353.exe
        6⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        6⤵
        
        PID:15772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        6⤵
        
        PID:19164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34622.exe
        6⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
        5⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14520.exe
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        5⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28439.exe
        5⤵
        
        PID:17308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
      4⤵
      PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
        5⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
        5⤵
        
        PID:12920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe
        5⤵
        
        PID:16048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
        5⤵
        
        PID:18632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
      4⤵
      PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
      4⤵
      PID:11600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8454.exe
      4⤵
      PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
      4⤵
      PID:16872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17619.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
        6⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53406.exe
        8⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        8⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        8⤵
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33086.exe
        8⤵
        
        PID:19276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
        7⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        7⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8452.exe
        7⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
        7⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        7⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        7⤵
        
        PID:18980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        6⤵
        
        PID:14956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        6⤵
        
        PID:17428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        5⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
        6⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33422.exe
        7⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
        7⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
        7⤵
        
        PID:16116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe
        7⤵
        
        PID:19060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 19060 -s 80
        8⤵
        Program crash
        
        PID:18164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25435.exe
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        6⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        6⤵
        
        PID:13856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        6⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33038.exe
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        6⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63516.exe
        6⤵
        
        PID:16528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        6⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        5⤵
        
        PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3070.exe
        5⤵
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
        5⤵
        
        PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
        5⤵
        
        PID:400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32937.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        5⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe
        7⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32964.exe
        7⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
        7⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        7⤵
        
        PID:16668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
        7⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        6⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        6⤵
        
        PID:14636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        6⤵
        
        PID:17420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe
        5⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        6⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10996.exe
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7963.exe
        6⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
        6⤵
        
        PID:18476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        5⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        5⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        5⤵
        
        PID:13448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        5⤵
        
        PID:16960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
      4⤵
      PID:748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14130.exe
        5⤵
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30990.exe
        6⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37404.exe
        6⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
        6⤵
        
        PID:14980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63423.exe
        6⤵
        
        PID:17796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37636.exe
        5⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
        5⤵
        
        PID:10612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39528.exe
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61868.exe
        5⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        5⤵
        
        PID:19228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57882.exe
      4⤵
      PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
      4⤵
      PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
      4⤵
      PID:11476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45148.exe
      4⤵
      PID:16740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
      4⤵
      PID:18564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11296.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19200.exe
        5⤵
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
        6⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32353.exe
        7⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
        7⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        7⤵
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        7⤵
        
        PID:18952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        6⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        5⤵
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        5⤵
        
        PID:13488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        5⤵
        
        PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
      4⤵
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        5⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
        6⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        5⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33995.exe
        5⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60344.exe
        5⤵
        
        PID:17792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28181.exe
      4⤵
      PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
      4⤵
      PID:8672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
      4⤵
      PID:11884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45859.exe
      4⤵
      PID:15948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
      4⤵
      PID:6140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50611.exe
      4⤵
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30576.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        6⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        6⤵
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14247.exe
        6⤵
        
        PID:19392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        5⤵
        
        PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        5⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39637.exe
        5⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61868.exe
        5⤵
        
        PID:16268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
        5⤵
        
        PID:19180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51489.exe
        5⤵
        
        PID:18976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe
      4⤵
      PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1790.exe
      4⤵
      PID:760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
      4⤵
      PID:11632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1700.exe
      4⤵
      PID:15764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28977.exe
      4⤵
      PID:17528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11805.exe
    3⤵
    PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
      4⤵
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40468.exe
        5⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45775.exe
        5⤵
        
        PID:13812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48245.exe
        5⤵
        
        PID:17364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
      4⤵
      PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28933.exe
      4⤵
      PID:10632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60572.exe
      4⤵
      PID:13844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
      4⤵
      PID:16172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
      4⤵
      PID:18612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
    3⤵
    PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
      4⤵
      PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe
      4⤵
      PID:18128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
    3⤵
    PID:8032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
    3⤵
    PID:10860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
    3⤵
    PID:13500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe
    3⤵
    PID:16516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16176.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16176.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        6⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        7⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        7⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
        7⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
        7⤵
        
        PID:18120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
        6⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
        6⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2123.exe
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16676.exe
        6⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        6⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        5⤵
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
        6⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        7⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        7⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
        7⤵
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        7⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34423.exe
        7⤵
        
        PID:18272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        6⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27675.exe
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39528.exe
        6⤵
        
        PID:736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61868.exe
        6⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
        6⤵
        
        PID:18964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62145.exe
        6⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14276.exe
        6⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42380.exe
        6⤵
        
        PID:17392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
        6⤵
        
        PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
        5⤵
        
        PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20366.exe
        5⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12919.exe
        5⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
        5⤵
        
        PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        5⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1933.exe
        6⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53976.exe
        6⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27006.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
        6⤵
        
        PID:14064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        6⤵
        
        PID:17004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        6⤵
        
        PID:17288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
        6⤵
        
        PID:18464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18235.exe
        5⤵
        
        PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
        5⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        5⤵
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        5⤵
        
        PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
      4⤵
      PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        5⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11335.exe
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16926.exe
        5⤵
        
        PID:16324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        5⤵
        
        PID:19092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20199.exe
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29518.exe
        5⤵
        
        PID:12928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
        5⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41164.exe
        5⤵
        
        PID:19052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
      4⤵
      PID:9408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7671.exe
      4⤵
      PID:12036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29985.exe
      4⤵
      PID:13688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
      4⤵
      PID:7128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38313.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38313.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
        6⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37404.exe
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        6⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        6⤵
        
        PID:18012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21122.exe
        5⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53644.exe
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        5⤵
        
        PID:15736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        5⤵
        
        PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
        5⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
        6⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8644.exe
        6⤵
        
        PID:16328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31739.exe
        6⤵
        
        PID:18352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34203.exe
        5⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe
        5⤵
        
        PID:12240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
        5⤵
        
        PID:16692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21070.exe
      4⤵
      PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51781.exe
      4⤵
      PID:9564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
      4⤵
      PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46852.exe
      4⤵
      PID:14368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
      4⤵
      PID:5864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
      4⤵
      PID:5316
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 464
        5⤵
        Program crash
        
        PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
      4⤵
      PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
      4⤵
      PID:9616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41349.exe
      4⤵
      PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
      4⤵
      PID:13440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
      4⤵
      PID:16820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
    3⤵
    PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40289.exe
      4⤵
      PID:8128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
      4⤵
      PID:10604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
      4⤵
      PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
      4⤵
      PID:16176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4046.exe
      4⤵
      PID:19140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42931.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42931.exe
    3⤵
    PID:7556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
    3⤵
    PID:10156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13629.exe
    3⤵
    PID:13252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52797.exe
    3⤵
    PID:15808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10959.exe
    3⤵
    PID:19152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29015.exe
    3⤵
    PID:19056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20515.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
        5⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30990.exe
        7⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37487.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        7⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14030.exe
        7⤵
        
        PID:18064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        6⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        6⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37705.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        6⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-686.exe
        6⤵
        
        PID:17808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18344.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
        5⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        5⤵
        
        PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        5⤵
        
        PID:16992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
      4⤵
      PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        5⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        6⤵
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        6⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
        6⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
        5⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        5⤵
        
        PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31508.exe
        5⤵
        
        PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53361.exe
      4⤵
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37404.exe
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        5⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63423.exe
        5⤵
        
        PID:17816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18721.exe
      4⤵
      PID:8168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe
      4⤵
      PID:392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12919.exe
      4⤵
      PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
      4⤵
      PID:6180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe
      4⤵
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62179.exe
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        6⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2126.exe
        6⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        6⤵
        
        PID:14848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64575.exe
        6⤵
        
        PID:17780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25435.exe
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        5⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30439.exe
        5⤵
        
        PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
      4⤵
      PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
      4⤵
      PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
      4⤵
      PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
      4⤵
      PID:13464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
      4⤵
      PID:17212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
    3⤵
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        5⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57672.exe
        5⤵
        
        PID:11332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
        5⤵
        
        PID:14420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        5⤵
        
        PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
      4⤵
      PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23166.exe
      4⤵
      PID:11640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
      4⤵
      PID:1364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
      4⤵
      PID:17060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59226.exe
    3⤵
    PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
      4⤵
      PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
      4⤵
      PID:16708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25707.exe
    3⤵
    PID:5372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52565.exe
    3⤵
    PID:8960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29985.exe
    3⤵
    PID:1984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
    3⤵
    PID:17864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44083.exe
      4⤵
      PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        6⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14324.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        6⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        6⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49799.exe
        6⤵
        
        PID:19120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
        5⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5870.exe
        5⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
        5⤵
        
        PID:17032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
      4⤵
      PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62529.exe
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
        5⤵
        
        PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
        5⤵
        
        PID:16092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26469.exe
        5⤵
        
        PID:18524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
      4⤵
      PID:8504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
      4⤵
      PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13181.exe
      4⤵
      PID:15680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21862.exe
      4⤵
      PID:18416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10185.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10185.exe
    3⤵
    PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58526.exe
        5⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        5⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-686.exe
        5⤵
        
        PID:17824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
      4⤵
      PID:8592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23166.exe
      4⤵
      PID:11552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6516.exe
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24987.exe
      4⤵
      PID:6652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65263.exe
    3⤵
    PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16427.exe
      4⤵
      PID:10164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
      4⤵
      PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14695.exe
      4⤵
      PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
      4⤵
      PID:7972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57349.exe
    3⤵
    PID:5932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20366.exe
    3⤵
    PID:11588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
    3⤵
    PID:15788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
    3⤵
    PID:6604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
    3⤵
    PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
      4⤵
      PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
      4⤵
      PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28459.exe
      4⤵
      PID:11852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
      4⤵
      PID:14060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
      4⤵
      PID:888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
    3⤵
    PID:6204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
    3⤵
    PID:9476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
    3⤵
    PID:11312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12919.exe
    3⤵
    PID:1152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25518.exe
    3⤵
    PID:6068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
  2⤵
  PID:3964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
    3⤵
    PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
      4⤵
      PID:11392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18519.exe
      4⤵
      PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
      4⤵
      PID:3532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
    3⤵
    PID:9248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
    3⤵
    PID:12432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
    3⤵
    PID:16060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60344.exe
    3⤵
    PID:6748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44835.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44835.exe
  2⤵
  PID:6532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
    3⤵
    PID:12256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18519.exe
    3⤵
    PID:3088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
    3⤵
    PID:17168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38191.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38191.exe
  2⤵
  PID:9068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
  2⤵
  PID:11664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
  2⤵
  PID:14384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5732.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5732.exe
  2⤵
  PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1676 -ip 1676
1⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5316 -ip 5316
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4288 -ip 4288
1⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1676 -ip 1676
1⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4288 -ip 4288
1⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 5360 -ip 5360
1⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5360 -ip 5360
1⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2716 -ip 2716
1⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2716 -ip 2716
1⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 16192 -ip 16192
1⤵
PID:18124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe

Filesize
184KB

MD5
1e5bd80c7c57953e762ed470ef6a7f73

SHA1
85f0fd8fd732f39a779c04bc835d2affae5cd97d

SHA256
3eca5eaf63c9505c576937e7249992b25a29d8acc44a25248c3a67ba77fffd65

SHA512
e7686ab3c0213c8d62535fbb7433211008f5e2b13ea8a657ee649644a4a3aeedfc304622e6c98e125f0dabbf0492f5cbce1672445c6289fa108a7c3d6285f87c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-109.exe

Filesize
184KB

MD5
bc96fe9c63f030cfd722e09ff557524c

SHA1
df5f1d39018640cf9dfece6cb271ba654d862353

SHA256
0fec1fa76fe5c096f52f1919d3460d8eccb8a8cc9bc42392e3ead4df55b2a312

SHA512
80c0ed112eb556f8324369fe32f8f5f165b6288b6a4c7e8aee143270f27d5f73ba7a0169dc2c2e83509f98edf0ce2d67722bb7a4bf8d3fe20472ce1e09a72788

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11296.exe

Filesize
184KB

MD5
8077ac5f603a1ad7a543fb444634489b

SHA1
f14c1dfb895f91053ef9a2791d4b54dac472fa29

SHA256
735cf2a62082589cc07ae25ee2710eadeb5e93b7352b3ceda473e12d65eb7123

SHA512
f73c92f8f0d3e82bc837ccce1019b13db4886af545a3a6725948ee3618adda3e801730310345ac1dad6c7858bf6672891334bcab72889f0b602b03d781dbb7a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14587.exe

Filesize
184KB

MD5
0c88b504d751e99b2eeb861809e389d1

SHA1
8640387baa42909b73eff6304f2a72b75a32c273

SHA256
d1068762e25720f1fa6b75bf5527e5c7fa723f535298ab1fd951c38e4e26b25a

SHA512
372f318f759e26c453ddcd742e2b17fb1ff0c27dfe37f6e8031b7d96d522d5fad48c313eac6bf31957a810a6a345d4551ae690a0a3aed284afa1bc3c882098c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16176.exe

Filesize
184KB

MD5
de44b5a402d9c2ef6ab834934f71dbca

SHA1
90ce672df653d1b673e2a1de4ebf295e3bbf3c19

SHA256
d6b2b4391807266233d6e18642555306fffb70200814f8463a77b253d507c2bb

SHA512
e2b6eb49ccb8576936a212e265eed8c16f498f460249eb82b97362f243f36270cd257d2947e4a7c23ef6ca0028182597f7293d569ff26cb9209598c316cda04f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17619.exe

Filesize
184KB

MD5
8d35939e429f9054cd860cceb5e79957

SHA1
4acfee34d7555f588a027de43fbe82a025eae4fe

SHA256
58ec23b027717d044b31a458137102ee896dda2c869085543023cc395e43f6fb

SHA512
e88292cd417073e1d422a24ffff5c4916fc0c47d96692596f52d4556fdbfbc484ffa915e3bc9959c347c9b11c62b39203d9124e685be59a9080a063b5d1ec35b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe

Filesize
184KB

MD5
57a7a9cbc969f175106d14372e3f605c

SHA1
5f68d279f28fedfd7f1db12eb35a001c3a2017d8

SHA256
f936b9595ace8d1d0bd63bf1cedf024c0cd3e77148f2f138dc25586a072da2cc

SHA512
04416ed07883717aa0932c2ae2005d1e86e6268f25db71ab85777adce6f2fba8499e9c660e28eafcf20b2da5835556c081f556cc9af027f917bdd681a55695b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe

Filesize
184KB

MD5
e1de6fd82bb9f60aa6df55302c20aed6

SHA1
646a56ac4741bf6484a2560ee8cee731f214afd8

SHA256
05a9f3d9f70dbbbb161ca68ed1842154eee4cd68f817570d526237c796c8267e

SHA512
e5fe8071e651bda8c3d53d6d15d1366d8b6993b850dc989b9b45edb51b0e31f9db76d8488235e2d47e8057c4920e973f76c70e20cc719be174e71dea12eff045

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe

Filesize
184KB

MD5
feaaef0610783076cf02fbd674606c35

SHA1
4cf717a464bf0d8e1312d0375085eb298337f3a2

SHA256
acf767567d330abd56a1c38ca5e0cffa47de13b5a747bd731fb9cb323c5145ea

SHA512
0dc6c518a739eb583a33ae526fa85fbaa22bc01ca2d42bf509206a644efe114e102c0c075c91328d7ffcd99868bd0a4f7f7242db2db838c4d7bf08113c4599c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe

Filesize
184KB

MD5
17ad2f8ae2a86fe5ba68b1fac2a6215a

SHA1
4c013524e8aa70a6e1405c165c5881e3c2b10cdc

SHA256
506d4af566fb5c6478622072c3aafc735c20e8e6a1d7b944860d1045398b8ffb

SHA512
b8b6cf8b486c6b7227dd282989008ece14ad2fb5c7e7cfc8e1114050aa0d6815ed4f389a999d5c29c3e3223e28afdadf9c7df52fc49ebb9d73632fed94889f8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe

Filesize
184KB

MD5
4c78befa8dbde8a60c690a6ca1bb7470

SHA1
a67229e20f2fd259f4deb36987660318352f2c70

SHA256
6a39bc52f3e642950046d7999b34fc2e20b1253dba2b07d5e7395a48834a0a80

SHA512
caffac1d95026843126c89dde2f1840a9d493701f204b3e3ac335c1ba2d929ce7e01d29f07d26d7aa9452305c6ac42ebda86382173da58a1db5dbcc91b5464d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe

Filesize
184KB

MD5
cea29ff9054bd5c459b35a6980d5b725

SHA1
f726caa460bc7e33569d5e259c91d6615db544e7

SHA256
8d09c0008f151fbb4484fc70277c4bff61b1090ac1610cd119ae3c3603960e49

SHA512
2a20cee900adcdd4325aa70dbbebbc78846ea6bac49674bca29d51f58e1149eefb8cdc14e429cf142f357e363a9793d48c68532ec4a37d809470189b785ca130

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe

Filesize
184KB

MD5
ae79de738737e078ac2c0aba593871f1

SHA1
b86536407db3649ac1d82b20cc036cf5b841d2d1

SHA256
ff1255cf415eda3705d2aff1622a0e43e0b3d91db594fee7283e855c72c9f76b

SHA512
556644404d68a488e3a6481f39b58184dee990f4c2654ad09766695ab36f37c4943dbe6d0ef104cbefa2bf3d78efdf86aa09186cb06c8e3ab287c4f103b0ebe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26643.exe

Filesize
184KB

MD5
e211429b4095f0c97de57faa05bb7b2a

SHA1
6317d24b29a57c1dc14a7c788cfdda1d432d7cd4

SHA256
90f3ee145e79c4191a84f6ec9076ffca8fca7ccfbe85131b51b8a8120b801740

SHA512
50799180e0bdca3dafb1bd74ce7f38c4adac637dcbcff1e55ebd3add731f071f9457710a2e21c5c7fb033f933293675f54f3c066fc8f157f375b5e8d8984739b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe

Filesize
184KB

MD5
947261734ece5d66c9405766241683e7

SHA1
2d2127940424760b99e6d255301e060e87e5616d

SHA256
cf543163c867f85288e712ade26be98659f6346c2154ec58c940322fa9a82727

SHA512
657998cca3d95eca1d02f84008bd6436fb43b41e1b1a50b3c1a6e05b3a45f95dc89f2105f4af628e89af315ae364bbb96f91d144139bddd0a1db572392d54ec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe

Filesize
184KB

MD5
5bb62f3c008ddacdac0ddf07ccd37ff5

SHA1
821ad5dbba2970b054111fd9809abdd52ce4189a

SHA256
68bff521248af50e18fc842d4e5e5326eb9316ffe39b55d34266f193a820afb4

SHA512
d1acc960d11b8074108757c511d10d5ebeceee6ebde3000a4430fba4e223412a2496632e04230461da40fe49e021cddf5785d315497be1f9368f77681603c87d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38313.exe

Filesize
184KB

MD5
6d5c77e99010e75935def79159e46503

SHA1
1f20d40c230514f412d5b1ad3ec0ca2aa46c6495

SHA256
9d88d0617ce209a059ed30684a318b3d94f8daa94d1e16474fb4e4a64b3f2188

SHA512
e217580fc49bcbb1678fa81849ec5c6b56a9165b84262e18fca45675f44e9e40087125c7644217636db9016fda5896ef9a80b9735e287fcae5b220429d802e23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe

Filesize
184KB

MD5
2734c081f7b85f01823f4b287b7a57e9

SHA1
32991d14e2c36f9d7b823e33c23c9667bef38a54

SHA256
5a4a9cb3dd99d66d0b1e5a5eaee940307ccbbdee8880bc560b40fd4c7f621f0b

SHA512
b89a7c11e82f05bc50f2d1ac9819192fd177352db2c7b34bf8e894d4908fc30685d7d3db0e234790b953e6cd24118499e7f10a1f79a111f74c54e734b0f0147e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe

Filesize
184KB

MD5
8b2331ee18715f05f8d629c1b0e28083

SHA1
ae4a0636128af29d09eb77166789314fbed3f12e

SHA256
8eb40edd9abfe532bd1d683ef9a733a6858aa6aacc9797e37c571835080700bc

SHA512
4527a4554b7d4bbfd6aca9583b82431590cf9f2a890b1e86ab222486ce3d8e54a194f2194ab6b9b71bc9e94804bf3b0fee6478229673300c53f17a5f1ed3d658

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41552.exe

Filesize
184KB

MD5
5fb12990120c9cb9e2a44b013ff1d83e

SHA1
f96f0cf4c93279501f8073df2a711fc2ed73c6ce

SHA256
aad4a81a5ce25cb8cdbd07aa065aba48db067878239fed803d375915e113b45a

SHA512
a9bd0a32be64a026d0575d5ed00da8fa9614d2b8d34bbcf5f4b134c25fae62f574f980361121e0a0f14e610652e36ffa09483d885cfae365cc442328d32416e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe

Filesize
184KB

MD5
cf1d59ceb03827db7dab5ee00223f50c

SHA1
3b781d58fab544a882882054c796cb1ea47c3f5a

SHA256
bcf4d741443ace88bfed88138193e122f8f8c5f9b59e3ace905bf1858f6f9b4b

SHA512
c746928733b7528ea972a2086ed7af4547ed411a08e21dea3f19cd54f681354f0ca00841d53fb2bfba32a774b2db54d45ccf02377fb727ec1250b57422304d0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe

Filesize
184KB

MD5
994a5896edd6f2f2a95f06bc010d1099

SHA1
6f7ed3f6a86dcfb9d942c24da1d9614fc99c64f7

SHA256
0e394aa5e91b5e5a0c6c017014d5fba65269c31050ed73e91ae5a3f685af94cd

SHA512
17d7b6d399f4893c1b60dc8267890215c91fdbd5e29531de939548c0c2908b3f7c39573e962265b910eefebc7d052d6d883af9c086b4a27844e1b97e854546b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44147.exe

Filesize
184KB

MD5
7a6f7b98ca5068771146e23bdc8ff0a5

SHA1
0864266f70923effc315482e17759ac1901b8765

SHA256
f58ea7232d8b41ffa0f96fa7b7dec3d100548d5daf9a3dfd98732e82224aae60

SHA512
5e8e063ae6ee5c1cf380e9c26ffc994f516e9281408be00231a01ebeb6e86188714ed78ba775021fc2bd24843d7e24fc1bbeb9bf6bdc8821655a0a3b9bdf7d2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe

Filesize
184KB

MD5
cb0f257f1c319be92530145d5bc66464

SHA1
3f2d2e3509f17439a46e9953abb0a207bde3c5be

SHA256
a0fda4df7e675b11c310511668c927e1cee3ef190e7e3efb4d31c4f0393052a3

SHA512
2e955cd7b47f62dd3cc1d39beb10debea5138c73e81a313cbf5ab8f9bb2dd49d5d7d37894ae07a0f764f909fbdd70017e75a48035870479bb01ac0a8c2c39c3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45757.exe

Filesize
184KB

MD5
d8b529e1fbd9a6a1e1dae758c70a168b

SHA1
d2dbece2587f6129d7ea8eee799cf71ad90956b0

SHA256
9e893a9101ab74d93b4e27ca5256d68b73de997f393def69d8f019dcf6977de6

SHA512
db8ca6e5d303d32a2d080f981098e75e95ced01502c7928598cfda8f917c276928ecd73b92d3cc11bde900d599030dac6bfeeac6fbfcaadcd30401f2c55becc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe

Filesize
184KB

MD5
bcf1d353320effe14c8761564402bf37

SHA1
4cc5f8f7aa4587a32786eafa583bcf4572ff0d2b

SHA256
d7073ea739f2f62e193682e0b1c0dc495f9490704f8ef72d73fdc22044a5e764

SHA512
2c8aee41ea87ec5e4307eac335ec541db354ad464aa12aad63f7879808bbd91a4edda1d9a1ed3cbacf16050a0edf9e41714610c99e33df28954e7f31bd7c6344

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe

Filesize
184KB

MD5
47445ce2e3d5092dcb501486cfbb8f59

SHA1
9d29f41d978ba1c1ad657c90b4d43c4934204c77

SHA256
a2b74fd7ad62b86c254bf53d13ce45b8a58ea3d280733a65989d28ae954783fe

SHA512
c76238d119e11b0c79f60e8632294d0e8f964d2877bf7249fe7dff6e885ea36d7a5a6596db74e5597a96c052242bf0ad492239e11a14a80d8a7e0c3352ba6fe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe

Filesize
184KB

MD5
92ca421ad1ed82c6829f594929bdbf71

SHA1
b3a2344aac7d5b6d17b010da79075d1b97387a32

SHA256
74942e225fd43d7ee78951baef7332460216bdebd10f6884e4393012f57d1b29

SHA512
447a612291d325fec2ee15d6e44c455dfa49dda5f002c447bc5c4c35d3d77d10427afe007936aa653308b8f19733336c556c8dc408332b73b9f1e238fad0cf25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe

Filesize
184KB

MD5
7a13a5e051469ccb99562b3ef60c6235

SHA1
f216aaf5e48ab85358e95631c8a79e3c00c6e3c5

SHA256
b4a6011f53332b765a234b11da1043ee0b5bfbcdcb8c9246ab2411a021525d29

SHA512
141bd00717a1986f0f691beb446d08b13cf69be52694534ba5d5a2fab05e9900728d6af7e8fd3e3c717b14d32e2b76719f5216b2c9704bf8983a638e48e70642

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58179.exe

Filesize
184KB

MD5
f375f9937467a110938eae9804657acf

SHA1
eb982d0a355aecd406775ca402707fb8f7ee6956

SHA256
bd0c0a74cec7b9db96aeba2dccb3ad708d3467f032b7eb47e5f5f49c88874a2f

SHA512
1048fa9bdfedc76e9723ed25603615f25e55f94ac5254ca4edf31d0bb12eb5e34cd331e299961a77b6de0ecab078dad0bfe2db57912dd76ddb9ee18504d17a7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe

Filesize
184KB

MD5
5628f71a1246262733c4715fa529a669

SHA1
564fc50c11465cfad96efa0c2520b43371504826

SHA256
8e0a6061064d315fb0ebd0b4eff700d1d5dc5c408b2fe6225213a5d5e2c8125f

SHA512
7c1725e56fa4a5234cd83ddcb100c75775571db19f7207c22232e3ae9bcaa6abeac95e22d1b54158589c23a169c37a81d69d4b63d91c115a2530b154ed0f1f98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe

Filesize
184KB

MD5
0b1b44209036619de2aff7ccee8f96a4

SHA1
8019195ee94051a4e21afeba318e54739bec2fe5

SHA256
20bab9fb1423e12b4dcafbaf86c99a6c87df26b5b5e8d988a2d73a26d04f322e

SHA512
d80ad38a4daf37a96ea795b9499e097b2d6265e4c98375db10f888eff37ec85c2e8d1f779eecaf802ca7079b67d72c5d7dc28920beb86bcb81f0a21401484751

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61936.exe

Filesize
184KB

MD5
81e5c523d666ca52c779180f5fb2c44d

SHA1
64a352dadcdaa6f3fc0f44ecaa780974a23dce7f

SHA256
0d42c9984ca16989a75332805299862f1f01fc357f586436f5e27d9dfb3d4263

SHA512
aaa4dabbc5e17b245f2d6e9fccdeb17dbf3568c610931e6883ebea274bb3d6c8978953c2d1c3cc93ed372165c8b45fc6e0554c4253f99c5ba168da00288cbad9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe

Filesize
184KB

MD5
d23b645ff33b1e3fc5ad15c223fc4ec6

SHA1
3f41c9aebee6bdb4b2195314c80e9dc61889004d

SHA256
8d3c284830d61fb8dd7e161e7b78fb6271c7b042339231502d0197567dff4192

SHA512
cb5388dcb1c87b3f19d975c36aa405c06f201cb70e38e7c0ace3d22608ab1fd53fd064196e44c0b2ef5d4ef0ea8ea37f00d748b7e1b13eda06ca672720898ad1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7177.exe

Filesize
184KB

MD5
6ff5841b738165f28ad8921a3a3629fc

SHA1
eb888df4007221122cfe1baf97eab241850a8584

SHA256
baafd5865e24181f005ea5d734e3528230b6023ecfb26ebe335b8d265fd90fae

SHA512
1a48090a495d468c969c71effa7375458e002f85d2d7c380cd5225f14c1cfecb06fb0ff73723dd46083217df6be89ea661cb41451485582e8dcdaebcfca07f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7442.exe

Filesize
184KB

MD5
10b4e1aedc485d44a893665cc15a4829

SHA1
49c47b9176078fa3bf12158ee8b32387c2709165

SHA256
013c52afd301889fb987ad088630c6d2a20c925ebb14beffc5499485b7e47001

SHA512
728dd45c21131c7e2f9d904a95c34c412259860a61e8e3bd058b206478afd2291d7a5590956aa0eb4557baf5260cbec9b54b304bf6b33097eca51faa9064f2bf

Download Submit
memory/2372-3055-0x00007FFAEF0A0000-0x00007FFAEF0F9000-memory.dmp

Filesize
356KB

Download
memory/2724-3056-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads