32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272.exe
Size

184KB
MD5

21b51c3086d750c448aa12080189192d
SHA1

e9c746b7cbe45bca6535cb1dd40d85b6d18ea103
SHA256

32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272
SHA512

a3c8caf412bc17da3355f6194405f2fcc0277ecdc6ab86e76f6ffa82392eb3d3231fd4f8ebc7d50660e88887e3b56792885b177fc2a2c7ba8a7e30e884955450
SSDEEP

3072:QGk5eCo/nHZW+xx8ZIO0tWHelvnqnviu:QGKoBhxxA00HelPqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4724	Unicorn-25099.exe
2064	Unicorn-20029.exe
5076	Unicorn-30889.exe
2236	Unicorn-23895.exe
3344	Unicorn-23895.exe
2016	Unicorn-21848.exe
2028	Unicorn-8113.exe
4372	Unicorn-59665.exe
1488	Unicorn-43884.exe
3984	Unicorn-4434.exe
456	Unicorn-8518.exe
2644	Unicorn-18367.exe
3388	Unicorn-64304.exe
3248	Unicorn-12502.exe
3604	Unicorn-12327.exe
4820	Unicorn-59411.exe
4712	Unicorn-47714.exe
3992	Unicorn-51051.exe
4912	Unicorn-16332.exe
1972	Unicorn-10018.exe
996	Unicorn-48913.exe
4972	Unicorn-18187.exe
4680	Unicorn-18187.exe
1948	Unicorn-24409.exe
2996	Unicorn-53089.exe
1924	Unicorn-39353.exe
4276	Unicorn-50289.exe
3064	Unicorn-1585.exe
4896	Unicorn-47522.exe
2696	Unicorn-20901.exe
4400	Unicorn-51719.exe
4416	Unicorn-11262.exe
5024	Unicorn-35867.exe
4848	Unicorn-56842.exe
1248	Unicorn-52011.exe
1120	Unicorn-27507.exe
4132	Unicorn-27242.exe
3272	Unicorn-24553.exe
2424	Unicorn-38773.exe
1032	Unicorn-9992.exe
2968	Unicorn-24937.exe
2264	Unicorn-48887.exe
4180	Unicorn-29021.exe
4144	Unicorn-59193.exe
4940	Unicorn-28467.exe
1448	Unicorn-28467.exe
1548	Unicorn-12685.exe
1760	Unicorn-32551.exe
5048	Unicorn-32286.exe
2324	Unicorn-45979.exe
5008	Unicorn-5908.exe
4688	Unicorn-26883.exe
4744	Unicorn-37818.exe
4232	Unicorn-46749.exe
1396	Unicorn-40619.exe
1792	Unicorn-11938.exe
4624	Unicorn-48787.exe
4696	Unicorn-35051.exe
1784	Unicorn-26905.exe
2992	Unicorn-41849.exe
4716	Unicorn-61715.exe
3620	Unicorn-4081.exe
4536	Unicorn-43049.exe
2632	Unicorn-46868.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
6556	2632	WerFault.exe	147
17384	17724	WerFault.exe	903
17396	18396	WerFault.exe	894
10248	18404	Process not Found	895
8484	18388	WerFault.exe	893

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17284	dwm.exe
Token: SeChangeNotifyPrivilege	17284	dwm.exe
Token: 33	17284	dwm.exe
Token: SeIncBasePriorityPrivilege	17284	dwm.exe
Token: SeCreateGlobalPrivilege	8716	Process not Found
Token: SeChangeNotifyPrivilege	8716	Process not Found
Token: 33	8716	Process not Found
Token: SeIncBasePriorityPrivilege	8716	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2712	32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272.exe
4724	Unicorn-25099.exe
2064	Unicorn-20029.exe
5076	Unicorn-30889.exe
2236	Unicorn-23895.exe
2016	Unicorn-21848.exe
3344	Unicorn-23895.exe
2028	Unicorn-8113.exe
4372	Unicorn-59665.exe
1488	Unicorn-43884.exe
3984	Unicorn-4434.exe
3388	Unicorn-64304.exe
456	Unicorn-8518.exe
2644	Unicorn-18367.exe
3248	Unicorn-12502.exe
3604	Unicorn-12327.exe
4820	Unicorn-59411.exe
4712	Unicorn-47714.exe
3992	Unicorn-51051.exe
4912	Unicorn-16332.exe
996	Unicorn-48913.exe
1972	Unicorn-10018.exe
4680	Unicorn-18187.exe
1948	Unicorn-24409.exe
1924	Unicorn-39353.exe
2996	Unicorn-53089.exe
4972	Unicorn-18187.exe
4276	Unicorn-50289.exe
4896	Unicorn-47522.exe
3064	Unicorn-1585.exe
2696	Unicorn-20901.exe
4400	Unicorn-51719.exe
4416	Unicorn-11262.exe
5024	Unicorn-35867.exe
4848	Unicorn-56842.exe
1248	Unicorn-52011.exe
1120	Unicorn-27507.exe
4132	Unicorn-27242.exe
3272	Unicorn-24553.exe
2424	Unicorn-38773.exe
1032	Unicorn-9992.exe
2968	Unicorn-24937.exe
2264	Unicorn-48887.exe
4180	Unicorn-29021.exe
4144	Unicorn-59193.exe
2324	Unicorn-45979.exe
1448	Unicorn-28467.exe
4940	Unicorn-28467.exe
1760	Unicorn-32551.exe
1548	Unicorn-12685.exe
5008	Unicorn-5908.exe
4688	Unicorn-26883.exe
1396	Unicorn-40619.exe
4624	Unicorn-48787.exe
4232	Unicorn-46749.exe
4696	Unicorn-35051.exe
4744	Unicorn-37818.exe
1792	Unicorn-11938.exe
5048	Unicorn-32286.exe
1784	Unicorn-26905.exe
4536	Unicorn-43049.exe
2992	Unicorn-41849.exe
4716	Unicorn-61715.exe
832	Unicorn-55856.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 4724	2712	32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272.exe	84
PID 2712 wrote to memory of 4724	2712	32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272.exe	84
PID 2712 wrote to memory of 4724	2712	32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272.exe	84
PID 4724 wrote to memory of 2064	4724	Unicorn-25099.exe	85
PID 4724 wrote to memory of 2064	4724	Unicorn-25099.exe	85
PID 4724 wrote to memory of 2064	4724	Unicorn-25099.exe	85
PID 2712 wrote to memory of 5076	2712	32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272.exe	86
PID 2712 wrote to memory of 5076	2712	32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272.exe	86
PID 2712 wrote to memory of 5076	2712	32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272.exe	86
PID 2064 wrote to memory of 3344	2064	Unicorn-20029.exe	88
PID 5076 wrote to memory of 2236	5076	Unicorn-30889.exe	87
PID 2064 wrote to memory of 3344	2064	Unicorn-20029.exe	88
PID 5076 wrote to memory of 2236	5076	Unicorn-30889.exe	87
PID 2064 wrote to memory of 3344	2064	Unicorn-20029.exe	88
PID 5076 wrote to memory of 2236	5076	Unicorn-30889.exe	87
PID 2712 wrote to memory of 2016	2712	32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272.exe	89
PID 2712 wrote to memory of 2016	2712	32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272.exe	89
PID 2712 wrote to memory of 2016	2712	32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272.exe	89
PID 4724 wrote to memory of 2028	4724	Unicorn-25099.exe	90
PID 4724 wrote to memory of 2028	4724	Unicorn-25099.exe	90
PID 4724 wrote to memory of 2028	4724	Unicorn-25099.exe	90
PID 2236 wrote to memory of 4372	2236	Unicorn-23895.exe	91
PID 2236 wrote to memory of 4372	2236	Unicorn-23895.exe	91
PID 2236 wrote to memory of 4372	2236	Unicorn-23895.exe	91
PID 5076 wrote to memory of 1488	5076	Unicorn-30889.exe	92
PID 5076 wrote to memory of 1488	5076	Unicorn-30889.exe	92
PID 5076 wrote to memory of 1488	5076	Unicorn-30889.exe	92
PID 2016 wrote to memory of 3984	2016	Unicorn-21848.exe	93
PID 2016 wrote to memory of 3984	2016	Unicorn-21848.exe	93
PID 2016 wrote to memory of 3984	2016	Unicorn-21848.exe	93
PID 2028 wrote to memory of 456	2028	Unicorn-8113.exe	94
PID 2028 wrote to memory of 456	2028	Unicorn-8113.exe	94
PID 2028 wrote to memory of 456	2028	Unicorn-8113.exe	94
PID 2712 wrote to memory of 2644	2712	32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272.exe	95
PID 2712 wrote to memory of 2644	2712	32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272.exe	95
PID 2712 wrote to memory of 2644	2712	32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272.exe	95
PID 2064 wrote to memory of 3388	2064	Unicorn-20029.exe	96
PID 2064 wrote to memory of 3388	2064	Unicorn-20029.exe	96
PID 2064 wrote to memory of 3388	2064	Unicorn-20029.exe	96
PID 4724 wrote to memory of 3248	4724	Unicorn-25099.exe	97
PID 4724 wrote to memory of 3248	4724	Unicorn-25099.exe	97
PID 4724 wrote to memory of 3248	4724	Unicorn-25099.exe	97
PID 3344 wrote to memory of 3604	3344	Unicorn-23895.exe	98
PID 3344 wrote to memory of 3604	3344	Unicorn-23895.exe	98
PID 3344 wrote to memory of 3604	3344	Unicorn-23895.exe	98
PID 4372 wrote to memory of 4820	4372	Unicorn-59665.exe	99
PID 4372 wrote to memory of 4820	4372	Unicorn-59665.exe	99
PID 4372 wrote to memory of 4820	4372	Unicorn-59665.exe	99
PID 2236 wrote to memory of 4712	2236	Unicorn-23895.exe	100
PID 2236 wrote to memory of 4712	2236	Unicorn-23895.exe	100
PID 2236 wrote to memory of 4712	2236	Unicorn-23895.exe	100
PID 1488 wrote to memory of 3992	1488	Unicorn-43884.exe	101
PID 1488 wrote to memory of 3992	1488	Unicorn-43884.exe	101
PID 1488 wrote to memory of 3992	1488	Unicorn-43884.exe	101
PID 5076 wrote to memory of 4912	5076	Unicorn-30889.exe	102
PID 5076 wrote to memory of 4912	5076	Unicorn-30889.exe	102
PID 5076 wrote to memory of 4912	5076	Unicorn-30889.exe	102
PID 3984 wrote to memory of 1972	3984	Unicorn-4434.exe	103
PID 3984 wrote to memory of 1972	3984	Unicorn-4434.exe	103
PID 3984 wrote to memory of 1972	3984	Unicorn-4434.exe	103
PID 2644 wrote to memory of 996	2644	Unicorn-18367.exe	104
PID 2644 wrote to memory of 996	2644	Unicorn-18367.exe	104
PID 2644 wrote to memory of 996	2644	Unicorn-18367.exe	104
PID 3248 wrote to memory of 4972	3248	Unicorn-12502.exe	105

C:\Users\Admin\AppData\Local\Temp\32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272.exe
"C:\Users\Admin\AppData\Local\Temp\32a9987ef3863f75ffbb0a98c0a5de360b235b27c71a73ab1dec0f8fac65d272.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25099.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25099.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26905.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
        9⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        10⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        10⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        9⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
        9⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        8⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        8⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
        8⤵
        
        PID:13112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        8⤵
        
        PID:16896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        8⤵
        
        PID:19260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5067.exe
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        8⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        8⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        8⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30460.exe
        8⤵
        
        PID:18264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45550.exe
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51509.exe
        7⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        7⤵
        
        PID:15564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41849.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        9⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        9⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
        8⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        8⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
        8⤵
        
        PID:17872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        7⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9254.exe
        7⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
        7⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
        7⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16523.exe
        7⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
        6⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        7⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        8⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        8⤵
        
        PID:17752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        7⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
        7⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe
        7⤵
        
        PID:19028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
        7⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
        6⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        6⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
        6⤵
        
        PID:19176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
        8⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        9⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33147.exe
        9⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44439.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        8⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28514.exe
        8⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        8⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59403.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34321.exe
        8⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        7⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        7⤵
        
        PID:17660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        7⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
        6⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
        7⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
        7⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        7⤵
        
        PID:18144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        7⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65175.exe
        6⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31456.exe
        6⤵
        
        PID:10632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
        6⤵
        
        PID:15932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        6⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4081.exe
        5⤵
        Executes dropped EXE
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10999.exe
        7⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26566.exe
        7⤵
        
        PID:17096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
        6⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
        7⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        6⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        6⤵
        
        PID:15672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        6⤵
        
        PID:16652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54897.exe
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        6⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
        6⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        6⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
        5⤵
        
        PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
        5⤵
        
        PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5469.exe
        5⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        5⤵
        
        PID:8652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18187.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48887.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19121.exe
        7⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        8⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5192.exe
        9⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25669.exe
        9⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        9⤵
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6608.exe
        9⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        8⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        8⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25961.exe
        9⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        9⤵
        
        PID:18780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
        9⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11855.exe
        8⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        8⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26856.exe
        7⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
        7⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        7⤵
        
        PID:15400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
        6⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        8⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55706.exe
        8⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
        8⤵
        
        PID:17828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        7⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        7⤵
        
        PID:17448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        7⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
        7⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1486.exe
        7⤵
        
        PID:16864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53718.exe
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51509.exe
        6⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        6⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        6⤵
        
        PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34279.exe
        6⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        8⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe
        8⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
        7⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14044.exe
        7⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        7⤵
        
        PID:16908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        7⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        6⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38737.exe
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
        7⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        7⤵
        
        PID:18092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
        7⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        6⤵
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        6⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40963.exe
        6⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
        6⤵
        
        PID:12272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34604.exe
        6⤵
        
        PID:15176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
        6⤵
        
        PID:19188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
        5⤵
        
        PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
        5⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
        5⤵
        
        PID:14244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
        5⤵
        
        PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59193.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45343.exe
        8⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
        8⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        8⤵
        
        PID:18232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        8⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16182.exe
        7⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        7⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        7⤵
        
        PID:16952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        6⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
        7⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        7⤵
        
        PID:17884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        6⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
        6⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62513.exe
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
        7⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
        7⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        7⤵
        
        PID:18160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4139.exe
        7⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14210.exe
        6⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        6⤵
        
        PID:18184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62680.exe
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
        5⤵
        
        PID:11072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        5⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        5⤵
        
        PID:9620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15805.exe
        5⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        7⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16121.exe
        7⤵
        
        PID:18084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7270.exe
        7⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        6⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24350.exe
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        6⤵
        
        PID:16780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
        6⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55426.exe
        6⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        6⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        5⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63813.exe
        5⤵
        
        PID:18376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40123.exe
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2120.exe
        5⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11082.exe
        6⤵
        
        PID:12140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
        6⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        5⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
        5⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10112.exe
        5⤵
        
        PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe
      4⤵
      PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51935.exe
      4⤵
      PID:9888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
      4⤵
      PID:12900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
      4⤵
      PID:17528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17721.exe
      4⤵
      PID:18704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31901.exe
        7⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2582.exe
        8⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37257.exe
        8⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
        8⤵
        
        PID:16920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        8⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
        7⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        7⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
        7⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15306.exe
        7⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33271.exe
        6⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
        8⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe
        8⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18756.exe
        8⤵
        
        PID:18592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        7⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
        7⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        7⤵
        
        PID:16656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        7⤵
        
        PID:16812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28011.exe
        7⤵
        
        PID:17928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
        6⤵
        
        PID:9728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        6⤵
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
        6⤵
        
        PID:16804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35051.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        7⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
        8⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7270.exe
        8⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
        7⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        7⤵
        
        PID:18064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58873.exe
        7⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14823.exe
        6⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51509.exe
        6⤵
        
        PID:11220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        6⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31391.exe
        6⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2082.exe
        5⤵
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
        6⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2172.exe
        7⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
        7⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        7⤵
        
        PID:18152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        6⤵
        
        PID:14508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        6⤵
        
        PID:17868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        5⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        5⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        5⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        5⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11764.exe
        5⤵
        
        PID:15880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23973.exe
        6⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        7⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        8⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57957.exe
        8⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        8⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25466.exe
        8⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58752.exe
        7⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
        7⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        7⤵
        
        PID:16588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51725.exe
        7⤵
        
        PID:7388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        7⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13956.exe
        7⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23094.exe
        6⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30216.exe
        6⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        6⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14325.exe
        6⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
        7⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        7⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        7⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        6⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
        6⤵
        
        PID:13272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        6⤵
        
        PID:18008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        5⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1648.exe
        6⤵
        
        PID:15680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10267.exe
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        5⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        5⤵
        
        PID:17940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48787.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        5⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
        7⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27690.exe
        7⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
        6⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
        6⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4716.exe
        6⤵
        
        PID:17072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        5⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16707.exe
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
        5⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19099.exe
        5⤵
        
        PID:16704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7371.exe
      4⤵
      PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
        6⤵
        
        PID:11864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
        6⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28076.exe
        6⤵
        
        PID:18800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        6⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32030.exe
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        5⤵
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
        5⤵
        
        PID:18116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        5⤵
        
        PID:16820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
        5⤵
        
        PID:15420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52960.exe
      4⤵
      PID:9596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22080.exe
      4⤵
      PID:12992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
      4⤵
      PID:16644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2475.exe
      4⤵
      PID:17740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18187.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5908.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
        6⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
        7⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        8⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
        8⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1076.exe
        8⤵
        
        PID:16988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43899.exe
        7⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
        7⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
        7⤵
        
        PID:17552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        6⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60387.exe
        7⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        7⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13364.exe
        6⤵
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30600.exe
        6⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        6⤵
        
        PID:16644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53884.exe
        5⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57709.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45343.exe
        7⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        7⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        7⤵
        
        PID:18396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18396 -s 436
        8⤵
        Program crash
        
        PID:17396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
        7⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        6⤵
        
        PID:9376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
        6⤵
        
        PID:13520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        6⤵
        
        PID:18312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
        6⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65175.exe
        5⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31456.exe
        5⤵
        
        PID:10652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
        5⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59312.exe
        5⤵
        
        PID:8792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26883.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        5⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        7⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        7⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31314.exe
        7⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
        7⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        6⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        6⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28974.exe
        6⤵
        
        PID:18652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
        6⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
        7⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        7⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe
        7⤵
        
        PID:18136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
        7⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        6⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11496.exe
        6⤵
        
        PID:13804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        6⤵
        
        PID:18208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29550.exe
        6⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29022.exe
        5⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15462.exe
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51509.exe
        5⤵
        
        PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        5⤵
        
        PID:15560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
        5⤵
        
        PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1506.exe
      4⤵
      PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
        6⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        6⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        5⤵
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
        5⤵
        
        PID:13120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        5⤵
        
        PID:17716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
      4⤵
      PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        5⤵
        
        PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        5⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        5⤵
        
        PID:18388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18388 -s 464
        6⤵
        Program crash
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        5⤵
        
        PID:9064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51021.exe
      4⤵
      PID:9532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
      4⤵
      PID:13016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1354.exe
      4⤵
      PID:16788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1116.exe
      4⤵
      PID:16716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1798.exe
        5⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5052.exe
        6⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        7⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
        7⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        7⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        7⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        6⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        6⤵
        
        PID:12204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        6⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47792.exe
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11902.exe
        6⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        6⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1076.exe
        6⤵
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        5⤵
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54109.exe
        5⤵
        
        PID:16856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
      4⤵
      PID:396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64663.exe
        6⤵
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15197.exe
        5⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42441.exe
        5⤵
        
        PID:12632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
        5⤵
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49587.exe
        5⤵
        
        PID:8720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55727.exe
        5⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33660.exe
        5⤵
        
        PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
      4⤵
      PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        5⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
        5⤵
        
        PID:18040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
        5⤵
        
        PID:9000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
      4⤵
      PID:13288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59940.exe
      4⤵
      PID:16688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
      4⤵
      PID:17540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
      4⤵
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        5⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17693.exe
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        5⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        5⤵
        
        PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51169.exe
      4⤵
      PID:1424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
      4⤵
      PID:12068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
      4⤵
      PID:15324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61642.exe
      4⤵
      PID:18896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29505.exe
      4⤵
      PID:8696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1221.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1221.exe
    3⤵
    PID:1376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe
      4⤵
      PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        5⤵
        
        PID:10388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        5⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        5⤵
        
        PID:18176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
      4⤵
      PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
        5⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        5⤵
        
        PID:18328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
      4⤵
      PID:12924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
      4⤵
      PID:16748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
      4⤵
      PID:18632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19568.exe
    3⤵
    PID:6516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48494.exe
    3⤵
    PID:9588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
    3⤵
    PID:13004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
    3⤵
    PID:16972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4183.exe
    3⤵
    PID:7332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59411.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        8⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        9⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
        9⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        9⤵
        
        PID:18224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
        8⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        8⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
        8⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41757.exe
        8⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        7⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        8⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        8⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
        8⤵
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35198.exe
        8⤵
        
        PID:18932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        7⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23823.exe
        8⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28347.exe
        8⤵
        
        PID:18944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7270.exe
        8⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
        7⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59745.exe
        7⤵
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55856.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
        7⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        8⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        8⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        8⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        8⤵
        
        PID:18032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42921.exe
        8⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59721.exe
        7⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        8⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        8⤵
        
        PID:18036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
        8⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        7⤵
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
        7⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22886.exe
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        7⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        7⤵
        
        PID:14392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        7⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        6⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25961.exe
        7⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe
        7⤵
        
        PID:9948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
        6⤵
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
        6⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe
        6⤵
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        6⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
        6⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        7⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        8⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11855.exe
        8⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        8⤵
        
        PID:17988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
        8⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
        7⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        7⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
        7⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        7⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64382.exe
        6⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42525.exe
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        8⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3687.exe
        7⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        7⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        7⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        7⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7806.exe
        6⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
        6⤵
        
        PID:10796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
        6⤵
        
        PID:15884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe
        6⤵
        
        PID:19268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42949.exe
        5⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
        6⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
        7⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34604.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
        7⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        6⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        6⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        6⤵
        
        PID:15444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36943.exe
        6⤵
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49172.exe
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11855.exe
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        6⤵
        
        PID:14384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        6⤵
        
        PID:17804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62183.exe
        5⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe
        5⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15184.exe
        5⤵
        
        PID:464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11262.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43049.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
        6⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53625.exe
        7⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
        8⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        8⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        7⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe
        7⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        7⤵
        
        PID:18424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
        6⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        6⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        6⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        6⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        6⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40941.exe
        6⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
        6⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59694.exe
        6⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
        5⤵
        
        PID:12332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59745.exe
        5⤵
        
        PID:16216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
      4⤵
      Executes dropped EXE
      PID:2632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 632
        5⤵
        Program crash
        
        PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49427.exe
        5⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63298.exe
        5⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        5⤵
        
        PID:18200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34132.exe
        5⤵
        
        PID:18568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
      4⤵
      PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
      4⤵
      PID:10720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
      4⤵
      PID:14372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
      4⤵
      PID:17976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
      4⤵
      PID:8452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51051.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27507.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        6⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        8⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-973.exe
        8⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        8⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        8⤵
        
        PID:17996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        8⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        7⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
        7⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        7⤵
        
        PID:17920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19265.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        7⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
        7⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        7⤵
        
        PID:18044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        6⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55960.exe
        6⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
        6⤵
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
        6⤵
        
        PID:17560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60516.exe
        5⤵
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36303.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16436.exe
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        7⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
        6⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
        6⤵
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
        6⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
        5⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        6⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        6⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        6⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
        5⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1192.exe
        5⤵
        
        PID:10572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
        5⤵
        
        PID:15464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6028.exe
        5⤵
        
        PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64045.exe
        5⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36303.exe
        7⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16436.exe
        7⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        7⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        7⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
        6⤵
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34231.exe
        5⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        5⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        5⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        5⤵
        
        PID:15868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        5⤵
        
        PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
      4⤵
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2374.exe
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        6⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31942.exe
        6⤵
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        6⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        6⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        5⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        6⤵
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10833.exe
        6⤵
        
        PID:19212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        5⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        5⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
        5⤵
        
        PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        5⤵
        
        PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe
      4⤵
      PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43293.exe
        5⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        6⤵
        
        PID:16016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18039.exe
        6⤵
        
        PID:18656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
        5⤵
        
        PID:16012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
        5⤵
        
        PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46799.exe
      4⤵
      PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
      4⤵
      PID:11860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9626.exe
      4⤵
      PID:3088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16332.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
        5⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36909.exe
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        7⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        7⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        7⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59701.exe
        7⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        6⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        6⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64415.exe
        6⤵
        
        PID:16468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        6⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58093.exe
        6⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50174.exe
        6⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        6⤵
        
        PID:14476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        6⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        6⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61091.exe
        5⤵
        
        PID:7784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
        5⤵
        
        PID:10784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        5⤵
        
        PID:14516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        5⤵
        
        PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
      4⤵
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47491.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
        6⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61056.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        6⤵
        
        PID:14136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        6⤵
        
        PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe
        5⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe
        5⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
        5⤵
        
        PID:7436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61191.exe
        5⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37905.exe
        6⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        5⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        5⤵
        
        PID:15204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        5⤵
        
        PID:18616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
      4⤵
      PID:7740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
      4⤵
      PID:10812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
      4⤵
      PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22324.exe
      4⤵
      PID:18308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
      4⤵
      PID:9664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
      4⤵
      PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        5⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        6⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51247.exe
        6⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
        6⤵
        
        PID:18956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
        6⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
        5⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        5⤵
        
        PID:15828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61295.exe
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
        5⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1076.exe
        5⤵
        
        PID:18348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        5⤵
        
        PID:18028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65027.exe
      4⤵
      PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
      4⤵
      PID:12672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
      4⤵
      PID:16448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36640.exe
    3⤵
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51797.exe
      4⤵
      PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
        5⤵
        
        PID:15548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10293.exe
      4⤵
      PID:8292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50331.exe
      4⤵
      PID:12856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
      4⤵
      PID:16600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25917.exe
    3⤵
    PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60807.exe
      4⤵
      PID:7216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
      4⤵
      PID:10504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
      4⤵
      PID:14424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
      4⤵
      PID:17816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
    3⤵
    PID:8056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20072.exe
    3⤵
    PID:11084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
    3⤵
    PID:14492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
    3⤵
    PID:17480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21848.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21848.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10018.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        6⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        8⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35373.exe
        8⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18076.exe
        8⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        8⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43655.exe
        7⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51247.exe
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
        7⤵
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
        7⤵
        
        PID:19136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24883.exe
        7⤵
        
        PID:18576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14159.exe
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        7⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        7⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        7⤵
        
        PID:15804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
        7⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31892.exe
        6⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
        6⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
        6⤵
        
        PID:16088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
        6⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        5⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
        6⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38073.exe
        7⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        7⤵
        
        PID:15848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58752.exe
        6⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
        6⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        6⤵
        
        PID:16740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        6⤵
        
        PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44781.exe
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        6⤵
        
        PID:12208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
        6⤵
        
        PID:16308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7270.exe
        6⤵
        
        PID:9428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19229.exe
        5⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
        5⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        5⤵
        
        PID:16688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60153.exe
        5⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        7⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40573.exe
        7⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        7⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20859.exe
        7⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43655.exe
        6⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32772.exe
        6⤵
        
        PID:11968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
        6⤵
        
        PID:18824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18243.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        6⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        6⤵
        
        PID:10396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
        6⤵
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37355.exe
        5⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        5⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        5⤵
        
        PID:16044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26385.exe
        5⤵
        
        PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
      4⤵
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
        5⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        6⤵
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        6⤵
        
        PID:13844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        6⤵
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
        6⤵
        
        PID:18608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        5⤵
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        5⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        5⤵
        
        PID:18360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19198.exe
        5⤵
        
        PID:19324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
      4⤵
      PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
        5⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13712.exe
        5⤵
        
        PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
      4⤵
      PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
      4⤵
      PID:12312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59745.exe
      4⤵
      PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
      4⤵
      PID:6968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32551.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31901.exe
        5⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        6⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
        6⤵
        
        PID:14228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        6⤵
        
        PID:17960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
        5⤵
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
        5⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
        5⤵
        
        PID:15336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33669.exe
        5⤵
        
        PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        5⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34155.exe
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
        6⤵
        
        PID:17824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        5⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
        5⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        5⤵
        
        PID:16764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
      4⤵
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49017.exe
        5⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51404.exe
        5⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47127.exe
        5⤵
        
        PID:19144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
      4⤵
      PID:9832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
      4⤵
      PID:12680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
      4⤵
      PID:412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40693.exe
      4⤵
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        7⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        6⤵
        
        PID:13728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        6⤵
        
        PID:17964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
        5⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        5⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        5⤵
        
        PID:16052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22116.exe
        5⤵
        
        PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53438.exe
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        5⤵
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        5⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        5⤵
        
        PID:17724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17724 -s 440
        6⤵
        Program crash
        
        PID:17384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
        5⤵
        
        PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44528.exe
      4⤵
      PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
      4⤵
      PID:12592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
      4⤵
      PID:8428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30584.exe
    3⤵
    PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
      4⤵
      PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38497.exe
      4⤵
      PID:10852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
      4⤵
      PID:14448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
      4⤵
      PID:17496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
      4⤵
      PID:2372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
    3⤵
    PID:7276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
    3⤵
    PID:11516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9626.exe
    3⤵
    PID:15012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18367.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18367.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        5⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39941.exe
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28705.exe
        7⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        7⤵
        
        PID:16392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11189.exe
        7⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        6⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
        6⤵
        
        PID:12168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        6⤵
        
        PID:14580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        6⤵
        
        PID:18844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        6⤵
        
        PID:18328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14159.exe
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        6⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        6⤵
        
        PID:13528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1076.exe
        6⤵
        
        PID:18332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        6⤵
        
        PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3958.exe
        5⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1354.exe
        5⤵
        
        PID:16576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
        5⤵
        
        PID:18604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
      4⤵
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
        5⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40491.exe
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
        6⤵
        
        PID:13620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        6⤵
        
        PID:18404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61108.exe
        5⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13276.exe
        5⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41430.exe
        5⤵
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
        5⤵
        
        PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63665.exe
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
        5⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        5⤵
        
        PID:18100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8155.exe
      4⤵
      PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
      4⤵
      PID:12684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
      4⤵
      PID:16404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29021.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
      4⤵
      PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
        5⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47652.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10126.exe
        5⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        5⤵
        
        PID:18168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56815.exe
      4⤵
      PID:8040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19011.exe
      4⤵
      PID:11064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28514.exe
      4⤵
      PID:14320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
      4⤵
      PID:18240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26778.exe
    3⤵
    PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41207.exe
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65187.exe
        5⤵
        
        PID:9920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        5⤵
        
        PID:13348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1076.exe
        5⤵
        
        PID:18416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27946.exe
      4⤵
      PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
      4⤵
      PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
      4⤵
      PID:18108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36943.exe
      4⤵
      PID:9248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
    3⤵
    PID:7016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
    3⤵
    PID:9352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62384.exe
    3⤵
    PID:12848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
    3⤵
    PID:16672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59312.exe
    3⤵
    PID:8772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
      4⤵
      PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        5⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35919.exe
        6⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25669.exe
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        6⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        6⤵
        
        PID:17796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52016.exe
        5⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        5⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        5⤵
        
        PID:15408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
        5⤵
        
        PID:18668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49930.exe
      4⤵
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        5⤵
        
        PID:9320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
        5⤵
        
        PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        5⤵
        
        PID:18072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28932.exe
      4⤵
      PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
      4⤵
      PID:13364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
      4⤵
      PID:17424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5000.exe
      4⤵
      PID:10940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
    3⤵
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        5⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5789.exe
        5⤵
        
        PID:18920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
      4⤵
      PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
        5⤵
        
        PID:17612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
      4⤵
      PID:12936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
      4⤵
      PID:16756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8302.exe
      4⤵
      PID:17088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
    3⤵
    PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46127.exe
      4⤵
      PID:16300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
      4⤵
      PID:16584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
    3⤵
    PID:9736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
    3⤵
    PID:13136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
    3⤵
    PID:16772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15306.exe
    3⤵
    PID:8776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
    3⤵
    PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25421.exe
      4⤵
      PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11471.exe
      4⤵
      PID:10356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
      4⤵
      PID:13892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
      4⤵
      PID:18192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61011.exe
      4⤵
      PID:16816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
    3⤵
    PID:4616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
    3⤵
    PID:10848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15276.exe
    3⤵
    PID:15504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65349.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65349.exe
  2⤵
  PID:5124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35561.exe
    3⤵
    PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
      4⤵
      PID:15040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9408.exe
      4⤵
      PID:18020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27946.exe
    3⤵
    PID:10160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
    3⤵
    PID:2752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
    3⤵
    PID:18056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55610.exe
    3⤵
    PID:8360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
  2⤵
  PID:7068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26459.exe
    3⤵
    PID:11856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
    3⤵
    PID:15852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
  2⤵
  PID:9356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
  2⤵
  PID:12788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
  2⤵
  PID:16632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
  2⤵
  PID:436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2632 -ip 2632
1⤵
PID:6116

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 17724 -ip 17724
1⤵
PID:17320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 18396 -ip 18396
1⤵
PID:17368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 18388 -ip 18388
1⤵
PID:16464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 18404 -ip 18404
1⤵
PID:17712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10018.exe

Filesize
184KB

MD5
59443be6abe33391143a413f4ddc0656

SHA1
522451af1f8f74b2827c21170ebe2c0df04b4010

SHA256
85fb7ef28ab92165f03aeb272701ec719a2cbebfc024c21e0935bd940e5b1469

SHA512
506b987b4abb03d009cd65872498d68f10185d1a6a51a9ed4b27c68a5cf5028db46e22eeea299fcb09f80aee3dc61d7620c953bd7064de4a9403b2ec6141e901

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11262.exe

Filesize
184KB

MD5
ac4abe5f7374da5c6c1ca69f36617e0a

SHA1
b112eac82a0b74af4ab6ef7956d5a9d4d5cc3835

SHA256
3e6d836a563f7125bc2948b8321b7a12ee82004df6f8122903e1a7e5ae5d5532

SHA512
00b63b9e6fe766364c94c9a488189c96d10735335c9974d5824b2cd5936be21f038324fbe4b087850e5a11eeff49a99c45b4def3dc5d634900454ace8c7eebb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe

Filesize
184KB

MD5
79d54500107b6982e78e167563b8fe56

SHA1
9c643d8cc6dc2abd20db8c70d0d3a79d789d90fa

SHA256
1ac5ff6bfcb7ed5fbfe50a8b9213013184db08962eda939071d9458d275c2cfc

SHA512
ab04549e6a4dec43cd847ab24648b2a969f42dad2504a8f7815a675f161964c92e26115a29a38346c26d2e7a2ecafea918e30243e8cc5f067a0074a5cc744951

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe

Filesize
184KB

MD5
29a6b6a19868d906c2a2a8b8a978f97a

SHA1
673fc9d4c3f02ea8dc573d13f1c3e6ec117e47cf

SHA256
f7b8ca8bbc4aae17bd092b9cc534ad6b14904b53280a87432b91885a25befff9

SHA512
bb31742ad8178702e5fe74b5210372cb06ed1bde159a7a6a5210a6c7d498563400d02fda381fe00916843fa2000cde9fdc2d4762d41c371a9e539fb7dfa8eea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe

Filesize
184KB

MD5
44ea67b15ebecb6f12a49d749a5ea5e7

SHA1
0027f948ab4fed2d18f33921583df719d388beec

SHA256
d510d6de2f79de4b0f634abfa91950e83c052d9837c0b4e13fbb035e38d0f9d9

SHA512
24a2fdd461a85e052f8006d74dac1722e7efdfdd7a11501b170b61e50f79411f8cd355cd344c18e7339978db23c6266db78bfa5e10608bcdfab626c872fe4066

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe

Filesize
184KB

MD5
fc2471c885c7723b8899fbea14c698b7

SHA1
2934a1dc5fcca25b46097e40c68501a81cf9fc11

SHA256
7c5bfc4baf891e9f5dbfb350d382b53f48be811d740b425362463802657b4b74

SHA512
ba2b163e9a10b37e2c9daed0218f44c42bbe384f6bd463f57006253e26b576a5d8db60f1bdf7b3378de9611e6b21b4b6bdb11039ad2ad330880862635cc8b0f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16332.exe

Filesize
184KB

MD5
c80d0ebbd2b7d846f0cad69890fd58d8

SHA1
cca3051ee32410688d6b16db748dd5b47bc6a207

SHA256
d0953b92c62bfadc5e86ce77d18affab266e0cfeae7cd831f3f4c5dcc4340959

SHA512
7d2afaf5b08a5b53ed849460d15a140aa6eb73c703fd707f56235d6b80ea39a26a1ebfabf13ec7d110f3dd0a96b61f9e832fe943aaac1d80ef0a49f16854fd2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18187.exe

Filesize
184KB

MD5
15586085debe20591ac8ee831aa863dd

SHA1
6d51631ca95a32652e78c5e56532095d0c6489ad

SHA256
0e604c67c0b371d58929430085aaf39004787b25aca32daa4e19d298d38d907d

SHA512
efbb77b61728c0fd24b7af7ae25f611f9c85ad49a798a8095d6ee3288170ab8ff82fa4b5ea058e78ca8608d9f41a246b7241283102c62d92e8bbd4e1cfba73fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18367.exe

Filesize
184KB

MD5
0a9a370970664f58127b1057fb37ad65

SHA1
8820dd935b26d29714d01c2bef9121c401adae72

SHA256
5141c0b58904ce34b2356b9409066e7225c321b7b8eb7e6c991572fe21465be7

SHA512
cdcdd4b1bb21bdf498452996b08258dfdb187b77479491224ec30fa753805a3d7a8d544c860cb07e5f812bb8cc2ae73544c5c78b754bb83659242a89b95b8623

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe

Filesize
184KB

MD5
6f7fd26b06f26cf193b21bb8bf44f0f1

SHA1
195d6d4b85ec583b5c76b11a4f1b67c8821b6af9

SHA256
e3e5d86baeb5c755f0450de95e5c7575b1d3c29dd4daee09ffb5e9a64c17edc3

SHA512
67eea8120702e0df11979b6545c640e0c5191164ffc34b2ed7e480cf75d35c0b3662ccae8db09846abc32894dd9d3cbae0a41e567f1feca1bb8b8a85bf973cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe

Filesize
184KB

MD5
3f16ec2b489ef3fd6d2d10786e5d575e

SHA1
07e3c512ffe0d74120391aaf82682f0e1ea31ded

SHA256
56f277844d129bf8a76155bb6e1583ba84edceb981787bd791c652501e91323c

SHA512
b5e83246b1934330f09e207aaf84801c368c76e19cd0bf1a20f8ee6b59ea30f4f9e20066ff1ebca5c03187de584ad4308253528f401a2225b4e442da964f8714

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe

Filesize
184KB

MD5
44035ec709f044f293f8c5206544285f

SHA1
fc525ac3a62bb26235e49355360e4969c91672bd

SHA256
30e6da2b25649145d62a4553790fced9c42f34158e05743c0b6fe3d32dda0d29

SHA512
8c66f36c06f242b4a41e2c795e77c79f2ac609cec56d617abbfdc06fa0dbf95fdafcda040c4da621e6b19c8ee964825ac932f8eed0f2f98a27e36c69536c8590

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21848.exe

Filesize
184KB

MD5
1d9dfea6be44049bccb40fd0764c0b86

SHA1
970b215d8e2000885eb60e9587c06042f64ecf7f

SHA256
d44c149f92dd647b21d40e2bedc67af9f1cb4a489141a07a57e9f0baa3c9a341

SHA512
0b035357b5ac1bbec52e2f664cd0e70153d26eb18ff94b95fad2bb5ebb19a2e8d268b4c5cfce2536b942a494ab14b55ac7aef11ccf23c91fc200dac15827c498

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe

Filesize
184KB

MD5
62e68ca999bcd4090c84cd83f8483ca2

SHA1
0a40a829aaae7f77b407a8ce06fa724d3b9c4324

SHA256
6bc379d5f3bc04b59bcc562c3bcd05df8b47b7efe771460d48dfc5fddc42131d

SHA512
08d60fe3b0caf5b9cfc3a9c7a796463673531fc07c3088fa6415bc7b4110b638b1773debc2ef1d3fb9b07e4bea5b59e4c2888db9637b9c1ec0f368f31cce5d1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe

Filesize
184KB

MD5
004772a6d167a1bb167063d1170988a0

SHA1
f473869ba34600409ca09fb8f3e5f95c9d490c64

SHA256
8a61d78426cc1b95a0a92756e8f0dd3870b41b1b8628bb209103311866072194

SHA512
2abb49719b136b3d25953226a1815257c32f51178de38e51e13c15e877e9a7f518d9b0d57715cbb3ea33e8558a454596acbb72fc5469435eb7682200b932714f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25099.exe

Filesize
184KB

MD5
aa4bd2a3ede5ec43ad22003fc5ada1bf

SHA1
da2c26210b17ce51c1d835ce98282b8304f81196

SHA256
20f5008426de8270bf5c4a5293b92eed5da5cf8efe5df33a20abfe8ba9b889ea

SHA512
f858d9202e418ca6e83ed19279102fbcf4dd5f6cc18c3f64aa55132b6c64ed2f3e06c6f9297c85a57a862928d527409f99c0266ba14dd025c572939e520059fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe

Filesize
184KB

MD5
26ccd7a47640f3e7b515b1869cff5e85

SHA1
bae3dbc14abd572840ed954e2b9671810e223b2f

SHA256
23668faaf9e635ee0c5bfb46d9230cd83efac3b45c6edcd5d3ecbe027e15219d

SHA512
240bc4881bf889b61310c358f0b931c5b23252f351b0e8c2cc1671be2deeff37fb79ac80ea5ef4b2226d10c64a2be2cc915fcaae945be639230022669899c5d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe

Filesize
184KB

MD5
c1a9bb03693a4ae7cc9b1bf06f5d6cdd

SHA1
6de594d065efde3739b18a8b5ef4088669749550

SHA256
c0d76a85f2257639be4fc3b7eacb13410112cec2a106c31d6645638415b00b72

SHA512
8171a32a5db775a1474917d6df6407db1920bc133025e6d1ae609a5a21d43ec58044073433db84a351a5da3dcd88ab38220ddbad9e8ada65426819cd118f292b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe

Filesize
184KB

MD5
23692aceae734d98d144776e65fa3b8f

SHA1
dc289eab1904810c333546731f53abec8464fce1

SHA256
af5cf26e5399e12b64c44d77cce6fbce967706c72b901d8645abc476f4879b1a

SHA512
f02deaf42a91a608df3e1acada8783cbdecd9af4ed3b696b9cf8ab92bdf399250cc210ec21bdf4c2e9e2c546b6aa3d2da14698a4e6644e626c69969960c4a6c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe

Filesize
184KB

MD5
088f4a48eb42041b0c495e970fe88cae

SHA1
c0de99001bd5b2012a08e4ff5e5b4e97be06628f

SHA256
b42bd61a6e37bff301ace753bdafaad78acfe3b4a24dd7fe25d5acba5cfed8ac

SHA512
d00c8d38a7a30d9a4381bdc494e36a1c9757352d0bd609e73b70d01ce83189e4148b731f30499a47c190abea488cb464fa38f578bb9975dfd64d3b07806debc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe

Filesize
184KB

MD5
303fa464d6d2b069fe783cd728781238

SHA1
a0c2665c9db6de7a1d73e3272a4e0cfe9ad69864

SHA256
d999f741483a0a7ddd27f17478cf3a16761085638336c02da662ee5afc9c7ed3

SHA512
24921e874b0be0f08a23d65a3b96ec47a4c26290925f390b681d208f2672aabc18816b3fc2b0baece461f17993f00bf98c6fd494fa1a9d5c1b246b1dae666589

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe

Filesize
184KB

MD5
6cc527845e8be59d946954013f877168

SHA1
79ff467b455369a4a21e1b95ed7b3430341b6608

SHA256
ae2097eb77c5e597cc0a41765416e543ac0636e5ba95de2878a54e356a45b2d4

SHA512
76f6fd4a7b03e16ef3fd21b30e95e9828b316f58f5c3e5ffb355d93d791bf89209dcb82a61c59bd02c827b5d318d6c0c92afe4094c20cf1cf4a6d8829c9ac7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48887.exe

Filesize
184KB

MD5
be0b2a7c68e5a17d03cbe97bb7cc8b91

SHA1
95f80530d39182c1569a5b9409bbd63e68349b7f

SHA256
79820f08824b067ad1deb88b38f9db6155203771bfc5e46d5a78488fad60ed83

SHA512
669d447d43df34820f433f22b8b384669f840a551257d2a9a95a5badcab9f12b2487b4b24a9e7eb3aa33cfb8d25d2b7f30e31bda7b682e28d95e5cabab9adc21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe

Filesize
184KB

MD5
fad43aade000169906900ff7e5b31b42

SHA1
afa44b25f0516f77b19e5765900e99a06184c856

SHA256
a4f4805907a019d046c7d3c13da03e76c2100ea5724982eb44248fe26f31c3b9

SHA512
8e0deb82bc7f1f02fc5ead5032499e9a398fb49cd11d72177f335e765e1f33cd70c2c35717d8dcd90b82eff2b8633680b7b8041210a7f110c25def8dd45d7dd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe

Filesize
184KB

MD5
9c07fc04eaf7144bbc84383d42bebad0

SHA1
af3f1bf581c59caccc53fa756e20b6513eabb52a

SHA256
1e367163a5fff33b7c1eaefe71c2344b6226f272ce96a49168a085f7133673e7

SHA512
9ee70aad1891686f0252c744ccc0941377767472a5c088b315219d37b939eb8ce5f20e7133247e3ed733fb9c50de8d9e0db338915de5eec46899f53ce97ae5da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51051.exe

Filesize
184KB

MD5
51d5d63f25c3f355fffd56d9ed8c65ea

SHA1
ecdec1e38b1e1f2713af280a9dd555e0da8468bc

SHA256
f9e4818806339acf60e6719c885e7270359c3cb8c206974f425641d1b31c39f8

SHA512
7e95096838b10e20bb0ff2b86e48cfaee5c7f7056d6271651719e1ec138bcc057945b424f0f48b0af3922d3ec542b11f40cf16294d0be68edbaeb4cacbc6ec8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe

Filesize
184KB

MD5
cb5149d356d8e65e5d1fa00aa4606ec0

SHA1
7b2ecdbedf691f7860771ad4103a9a63d65feb2b

SHA256
bab7ca291f3842beffe49205353973c86f5aeb0499d80606ca8a5abcd6ca0045

SHA512
9af936361ecd53c47ee72370055513c76e0968fd698dba8434c2c1b2cf97cc4d3b6ea7b0424ec564f2f00b4bc09e44b4990776e9a240dd6f56bf00ffc5be3445

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe

Filesize
184KB

MD5
153407249af859f515462a1f2fac0c81

SHA1
c089d6ff2b2959c1310454720d79cf80dc2f4831

SHA256
23029c9216a4ed3fb4057cb293e77da1aa6ffbca9af5b60d0503b390c9e1750c

SHA512
22a8972133cec7015bb44e33adcde59bb391fad01e5318b40440efc131d4ea9c7fd90b92ec32b93272a28c9ed7d56c3a990c8cd5da693f712860e860a0246929

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59411.exe

Filesize
184KB

MD5
2add464f0f08260d04dbaf81d7e22698

SHA1
db35e7ead3a3077a9e4626d7ccccb7d2e1e0b951

SHA256
4e7ceaaf49709a8864fcbdddcf670b1f8eeccedd67897b11e95e7d93cce46303

SHA512
e8bc80fbae63645a3ffa35c54c9cfd3e94eecc2f0d47ea6fed39a7b84c7ed8027af9deecae7bc7ec3478b2f173c10c1c8212c63ea4cb21ba17df2545b6db1b46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe

Filesize
184KB

MD5
178808ba3abdd1a45ffcf9f3662a7287

SHA1
2d13e5bcbb1822ebbba6cd3c44fc2aa6df731a48

SHA256
79b7d55c160338e3b1a5fddc791a6969dab6f57ee459bad3416ba09297888717

SHA512
b963b82f1835dd854f302b6943cb18dcdad817509d02d75553327829e33669c9402c8eb2109f0d016a130d8566a810df0f43e3ca36e486559afb193a888a0994

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60805.exe

Filesize
184KB

MD5
aff8d23516a4432642116e5ef3dad078

SHA1
a23a8049d89867a63823c9a51b7fb6fce4a4126f

SHA256
c8a22aed6a857786e520a92e6efe45061856604fc401e9cb5f76ef38a0fb530d

SHA512
bc45d33069196cb9f6e9890ba6367b26f91e627bd9c2553f877eae257f89b7dbdf5e91c6905c0eb0e6ad5fcb35d5ea43ef8e75a03410c6deb1ad0a4354c70737

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe

Filesize
184KB

MD5
13d7c1ce1ddecea8d76fa8bf529ce5d3

SHA1
c63c9bf3fe56663b6f0178fbe54a6c9c9aa392e8

SHA256
6d4242fb2e56860d1b2220eb2a2d2c22ea015614e3574c75943cdfb01cea08a0

SHA512
cbe7a3c7c157d76f4a81bd8576e657c2aa2c576e3b13c58d7263e54240cb24a682c499e463eef895d1631dac923709dff1a9106c8912600f5857cd8ad5ace244

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe

Filesize
184KB

MD5
aded3ee38b23fdc52f7d49c3c339d938

SHA1
542376b0ab2efd933b78968d5224dc1c17310672

SHA256
f2fd393de02259d01f11ed990054e0c239f8699a58c95afa7585ca1649bedcd7

SHA512
4b836083207dafbbefb6cead60becc331ac73fb29946a24f1a6766429f59284139f418ab892e81866d97d3bf8368e032eb3852ff3f927552ce2aef30cae93afe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe

Filesize
184KB

MD5
e91f8e40a28fa4648da3fa3dde5f1355

SHA1
59aff4f860bc7c07b3a3e81bb72b6404c45462e6

SHA256
1c62095724a081b6c3fe1d410be6d58659b0ef7a26527fbd8ab644f3f8fa1e31

SHA512
5032cf3c96e01e03f49f03595a4d64159cc580577dbb91b338a556595944814edbf98020fae87f783562ad9b7fe935d607ee76b47e2c07237e4222ec07722818

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe

Filesize
184KB

MD5
4c1b9a384e249f35c6dc98fc739f2208

SHA1
bb9fa41a2874a71e8f01f73568df7cd9b758fc53

SHA256
a6c7ae119446bd9b6e29cc9fdb0ebebd56dca0cffc836fa2618cfc4e1fcc2c20

SHA512
92fd71bbba32598d97584294be13b8d449730224ecee780538f16c87e99749ee69e16526d924af253d6b33f10b9994e7e9629cc7af27ffde68ae6b349777e97f

Download Submit
memory/15636-3803-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads