4a23c9d1cfa093d810f309c5221cc6a0c26a62d9100c9431bf48e64fa6314254

Analysis

max time kernel
120s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b020643037947afa5be0e8c6f9bffe60N.exe
Size

468KB
MD5

b020643037947afa5be0e8c6f9bffe60
SHA1

e1e28d02c814e44a120318bc6d24df696cdb6f8a
SHA256

4a23c9d1cfa093d810f309c5221cc6a0c26a62d9100c9431bf48e64fa6314254
SHA512

8173f32d4f69e74bfb0092d367dc450f3866e9b418e85428fc6fcf9635ddfab927f44bad056a160b6a53fbfcfbc89b0d365bbb9b84618786ed34b9d92d381109
SSDEEP

3072:KEAUogIdI05LtbYgzztjcf8/ECNvPBpjnmHeZVhlH7t8vSluYklP:KEHow8LtTzJjcfSnFLH7CaluY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4000	Unicorn-50624.exe
2844	Unicorn-43136.exe
4932	Unicorn-47967.exe
536	Unicorn-15263.exe
4196	Unicorn-28262.exe
3076	Unicorn-64656.exe
3300	Unicorn-9325.exe
1768	Unicorn-9887.exe
1076	Unicorn-22886.exe
4296	Unicorn-23401.exe
676	Unicorn-35278.exe
3668	Unicorn-41408.exe
1584	Unicorn-49503.exe
3944	Unicorn-29902.exe
3512	Unicorn-38558.exe
3164	Unicorn-11527.exe
3660	Unicorn-62352.exe
1032	Unicorn-16873.exe
3096	Unicorn-3478.exe
372	Unicorn-63150.exe
3284	Unicorn-44776.exe
3556	Unicorn-23566.exe
4084	Unicorn-43432.exe
540	Unicorn-43432.exe
2296	Unicorn-26333.exe
1056	Unicorn-15398.exe
2532	Unicorn-53830.exe
4168	Unicorn-43432.exe
452	Unicorn-50936.exe
4452	Unicorn-52974.exe
1624	Unicorn-3271.exe
2180	Unicorn-23757.exe
1628	Unicorn-30080.exe
4404	Unicorn-5575.exe
1856	Unicorn-43270.exe
3084	Unicorn-59799.exe
5044	Unicorn-14127.exe
2504	Unicorn-33950.exe
2964	Unicorn-37480.exe
1420	Unicorn-29504.exe
2372	Unicorn-9638.exe
224	Unicorn-62368.exe
5068	Unicorn-62368.exe
4520	Unicorn-10152.exe
2000	Unicorn-13359.exe
1960	Unicorn-46224.exe
2108	Unicorn-62560.exe
4756	Unicorn-62560.exe
4532	Unicorn-10079.exe
2404	Unicorn-10205.exe
828	Unicorn-64807.exe
964	Unicorn-32134.exe
4316	Unicorn-51735.exe
208	Unicorn-26534.exe
736	Unicorn-45870.exe
1568	Unicorn-43640.exe
2012	Unicorn-31942.exe
4616	Unicorn-65129.exe
3912	Unicorn-28575.exe
1344	Unicorn-61320.exe
1620	Unicorn-49815.exe
3728	Unicorn-63167.exe
432	Unicorn-47096.exe
3652	Unicorn-54496.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
4916	676	WerFault.exe	95
4480	1420	WerFault.exe	127
4484	1752	WerFault.exe	163
11824	5600	WerFault.exe	231
13600	7796	WerFault.exe	358
4664	7444	WerFault.exe	351
16956	7164	WerFault.exe	305
3772	17200	WerFault.exe	860

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	7884	dwm.exe
Token: SeChangeNotifyPrivilege	7884	dwm.exe
Token: 33	7884	dwm.exe
Token: SeIncBasePriorityPrivilege	7884	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1924	b020643037947afa5be0e8c6f9bffe60N.exe
4000	Unicorn-50624.exe
2844	Unicorn-43136.exe
4932	Unicorn-47967.exe
536	Unicorn-15263.exe
4196	Unicorn-28262.exe
3076	Unicorn-64656.exe
3300	Unicorn-9325.exe
1768	Unicorn-9887.exe
1076	Unicorn-22886.exe
4296	Unicorn-23401.exe
676	Unicorn-35278.exe
1584	Unicorn-49503.exe
3668	Unicorn-41408.exe
3944	Unicorn-29902.exe
3512	Unicorn-38558.exe
3164	Unicorn-11527.exe
3660	Unicorn-62352.exe
1032	Unicorn-16873.exe
372	Unicorn-63150.exe
3096	Unicorn-3478.exe
3284	Unicorn-44776.exe
540	Unicorn-43432.exe
4168	Unicorn-43432.exe
4084	Unicorn-43432.exe
1056	Unicorn-15398.exe
2532	Unicorn-53830.exe
3556	Unicorn-23566.exe
2296	Unicorn-26333.exe
452	Unicorn-50936.exe
4452	Unicorn-52974.exe
1624	Unicorn-3271.exe
2180	Unicorn-23757.exe
1628	Unicorn-30080.exe
4404	Unicorn-5575.exe
1856	Unicorn-43270.exe
3084	Unicorn-59799.exe
5044	Unicorn-14127.exe
2504	Unicorn-33950.exe
2964	Unicorn-37480.exe
1420	Unicorn-29504.exe
2372	Unicorn-9638.exe
5068	Unicorn-62368.exe
224	Unicorn-62368.exe
4520	Unicorn-10152.exe
2000	Unicorn-13359.exe
1960	Unicorn-46224.exe
4756	Unicorn-62560.exe
964	Unicorn-32134.exe
4532	Unicorn-10079.exe
2108	Unicorn-62560.exe
2404	Unicorn-10205.exe
828	Unicorn-64807.exe
208	Unicorn-26534.exe
736	Unicorn-45870.exe
4316	Unicorn-51735.exe
1568	Unicorn-43640.exe
4616	Unicorn-65129.exe
2012	Unicorn-31942.exe
3912	Unicorn-28575.exe
1620	Unicorn-49815.exe
1344	Unicorn-61320.exe
432	Unicorn-47096.exe
3728	Unicorn-63167.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 4000	1924	b020643037947afa5be0e8c6f9bffe60N.exe	85
PID 1924 wrote to memory of 4000	1924	b020643037947afa5be0e8c6f9bffe60N.exe	85
PID 1924 wrote to memory of 4000	1924	b020643037947afa5be0e8c6f9bffe60N.exe	85
PID 4000 wrote to memory of 2844	4000	Unicorn-50624.exe	86
PID 4000 wrote to memory of 2844	4000	Unicorn-50624.exe	86
PID 4000 wrote to memory of 2844	4000	Unicorn-50624.exe	86
PID 1924 wrote to memory of 4932	1924	b020643037947afa5be0e8c6f9bffe60N.exe	87
PID 1924 wrote to memory of 4932	1924	b020643037947afa5be0e8c6f9bffe60N.exe	87
PID 1924 wrote to memory of 4932	1924	b020643037947afa5be0e8c6f9bffe60N.exe	87
PID 2844 wrote to memory of 536	2844	Unicorn-43136.exe	88
PID 2844 wrote to memory of 536	2844	Unicorn-43136.exe	88
PID 2844 wrote to memory of 536	2844	Unicorn-43136.exe	88
PID 4000 wrote to memory of 4196	4000	Unicorn-50624.exe	89
PID 4000 wrote to memory of 4196	4000	Unicorn-50624.exe	89
PID 4000 wrote to memory of 4196	4000	Unicorn-50624.exe	89
PID 4932 wrote to memory of 3076	4932	Unicorn-47967.exe	90
PID 4932 wrote to memory of 3076	4932	Unicorn-47967.exe	90
PID 4932 wrote to memory of 3076	4932	Unicorn-47967.exe	90
PID 1924 wrote to memory of 3300	1924	b020643037947afa5be0e8c6f9bffe60N.exe	91
PID 1924 wrote to memory of 3300	1924	b020643037947afa5be0e8c6f9bffe60N.exe	91
PID 1924 wrote to memory of 3300	1924	b020643037947afa5be0e8c6f9bffe60N.exe	91
PID 536 wrote to memory of 1768	536	Unicorn-15263.exe	92
PID 536 wrote to memory of 1768	536	Unicorn-15263.exe	92
PID 536 wrote to memory of 1768	536	Unicorn-15263.exe	92
PID 2844 wrote to memory of 1076	2844	Unicorn-43136.exe	93
PID 2844 wrote to memory of 1076	2844	Unicorn-43136.exe	93
PID 2844 wrote to memory of 1076	2844	Unicorn-43136.exe	93
PID 4196 wrote to memory of 4296	4196	Unicorn-28262.exe	94
PID 4196 wrote to memory of 4296	4196	Unicorn-28262.exe	94
PID 4196 wrote to memory of 4296	4196	Unicorn-28262.exe	94
PID 4000 wrote to memory of 676	4000	Unicorn-50624.exe	95
PID 4000 wrote to memory of 676	4000	Unicorn-50624.exe	95
PID 4000 wrote to memory of 676	4000	Unicorn-50624.exe	95
PID 3300 wrote to memory of 3668	3300	Unicorn-9325.exe	96
PID 3300 wrote to memory of 3668	3300	Unicorn-9325.exe	96
PID 3300 wrote to memory of 3668	3300	Unicorn-9325.exe	96
PID 1924 wrote to memory of 1584	1924	b020643037947afa5be0e8c6f9bffe60N.exe	97
PID 1924 wrote to memory of 1584	1924	b020643037947afa5be0e8c6f9bffe60N.exe	97
PID 1924 wrote to memory of 1584	1924	b020643037947afa5be0e8c6f9bffe60N.exe	97
PID 4932 wrote to memory of 3944	4932	Unicorn-47967.exe	98
PID 4932 wrote to memory of 3944	4932	Unicorn-47967.exe	98
PID 4932 wrote to memory of 3944	4932	Unicorn-47967.exe	98
PID 3076 wrote to memory of 3512	3076	Unicorn-64656.exe	99
PID 3076 wrote to memory of 3512	3076	Unicorn-64656.exe	99
PID 3076 wrote to memory of 3512	3076	Unicorn-64656.exe	99
PID 1768 wrote to memory of 3164	1768	Unicorn-9887.exe	100
PID 1768 wrote to memory of 3164	1768	Unicorn-9887.exe	100
PID 1768 wrote to memory of 3164	1768	Unicorn-9887.exe	100
PID 536 wrote to memory of 3660	536	Unicorn-15263.exe	101
PID 536 wrote to memory of 3660	536	Unicorn-15263.exe	101
PID 536 wrote to memory of 3660	536	Unicorn-15263.exe	101
PID 1076 wrote to memory of 1032	1076	Unicorn-22886.exe	102
PID 1076 wrote to memory of 1032	1076	Unicorn-22886.exe	102
PID 1076 wrote to memory of 1032	1076	Unicorn-22886.exe	102
PID 2844 wrote to memory of 372	2844	Unicorn-43136.exe	105
PID 2844 wrote to memory of 372	2844	Unicorn-43136.exe	105
PID 2844 wrote to memory of 372	2844	Unicorn-43136.exe	105
PID 4000 wrote to memory of 3096	4000	Unicorn-50624.exe	106
PID 4000 wrote to memory of 3096	4000	Unicorn-50624.exe	106
PID 4000 wrote to memory of 3096	4000	Unicorn-50624.exe	106
PID 4296 wrote to memory of 3284	4296	Unicorn-23401.exe	107
PID 4296 wrote to memory of 3284	4296	Unicorn-23401.exe	107
PID 4296 wrote to memory of 3284	4296	Unicorn-23401.exe	107
PID 4196 wrote to memory of 3556	4196	Unicorn-28262.exe	108

C:\Users\Admin\AppData\Local\Temp\b020643037947afa5be0e8c6f9bffe60N.exe
"C:\Users\Admin\AppData\Local\Temp\b020643037947afa5be0e8c6f9bffe60N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50624.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50624.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15263.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11527.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        9⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        10⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe
        11⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        11⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        11⤵
        
        PID:17224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36367.exe
        10⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        10⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        10⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        10⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18510.exe
        9⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15453.exe
        9⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
        9⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5798.exe
        9⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4712.exe
        9⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11142.exe
        9⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        9⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        9⤵
        
        PID:16776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25821.exe
        8⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        9⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15366.exe
        8⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
        8⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28190.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5814.exe
        8⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
        9⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3455.exe
        10⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        10⤵
        
        PID:17000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        9⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53351.exe
        9⤵
        
        PID:16076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
        8⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39295.exe
        8⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        8⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        8⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        7⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
        8⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
        8⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6925.exe
        8⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
        8⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24759.exe
        7⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
        7⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
        7⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
        7⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43270.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
        8⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
        9⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        8⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
        8⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
        7⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36265.exe
        8⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        8⤵
        
        PID:16812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2757.exe
        7⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41647.exe
        7⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
        7⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
        7⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36073.exe
        8⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        8⤵
        
        PID:16984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        8⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        7⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        7⤵
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        7⤵
        
        PID:17264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
        7⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
        7⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34925.exe
        6⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        7⤵
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        7⤵
        
        PID:16972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
        6⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        6⤵
        
        PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62352.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3271.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39800.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26472.exe
        10⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        10⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
        10⤵
        
        PID:16564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
        9⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
        9⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58727.exe
        9⤵
        
        PID:16528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        9⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
        8⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        9⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        9⤵
        
        PID:16888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35822.exe
        8⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3638.exe
        8⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
        8⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43246.exe
        8⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        8⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        8⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        8⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        8⤵
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        7⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        7⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
        7⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49815.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51943.exe
        7⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
        8⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        8⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        8⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
        7⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47176.exe
        8⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19622.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13062.exe
        7⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31317.exe
        7⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
        7⤵
        
        PID:17096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        7⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 688
        8⤵
        Program crash
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
        7⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        7⤵
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        7⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
        6⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42311.exe
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        6⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
        7⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18672.exe
        8⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23136.exe
        9⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        9⤵
        
        PID:16868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        8⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        8⤵
        
        PID:16296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
        7⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48919.exe
        7⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
        7⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        6⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        7⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
        7⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
        7⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33639.exe
        7⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36301.exe
        6⤵
        
        PID:11648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
        6⤵
        
        PID:14744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
        6⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13951.exe
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
        8⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        8⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        7⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3741.exe
        7⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40959.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
        7⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        7⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
        6⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
        7⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
        6⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
        6⤵
        
        PID:17232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43176.exe
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        7⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe
        7⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        7⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        7⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
        6⤵
        
        PID:12348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17694.exe
        6⤵
        
        PID:16552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        6⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51063.exe
        5⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe
        6⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19253.exe
        5⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        5⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
        5⤵
        
        PID:17232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22886.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64776.exe
        7⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21190.exe
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        9⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1246.exe
        9⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        9⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        9⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
        8⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40063.exe
        8⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20373.exe
        8⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        8⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        7⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4712.exe
        8⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60535.exe
        8⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        8⤵
        
        PID:15520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41478.exe
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15262.exe
        7⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        7⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        7⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
        6⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33360.exe
        7⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
        8⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59087.exe
        8⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6925.exe
        8⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        8⤵
        
        PID:17228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        7⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18141.exe
        7⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        7⤵
        
        PID:15076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
        7⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2637.exe
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
        7⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
        7⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        7⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        7⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe
        6⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37318.exe
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        6⤵
        
        PID:15788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        6⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        6⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11048.exe
        8⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59105.exe
        9⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        8⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        8⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        8⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1126.exe
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
        7⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
        7⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe
        7⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
        7⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
        7⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
        6⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29496.exe
        7⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45984.exe
        6⤵
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42055.exe
        6⤵
        
        PID:15836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        6⤵
        
        PID:17216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62936.exe
        6⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
        5⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        6⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48760.exe
        7⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        7⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        7⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24727.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        7⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29766.exe
        6⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9103.exe
        7⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        7⤵
        
        PID:16936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        7⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        7⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
        6⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
        6⤵
        
        PID:15332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
        6⤵
        
        PID:400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        6⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        6⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42814.exe
        5⤵
        
        PID:9452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        5⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
        5⤵
        
        PID:16916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        6⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59312.exe
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
        8⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
        8⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42774.exe
        8⤵
        
        PID:16132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46567.exe
        8⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        7⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        7⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
        6⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
        7⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        7⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
        7⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30621.exe
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
        6⤵
        
        PID:12472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
        6⤵
        
        PID:16880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe
        6⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
        5⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        7⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        7⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        7⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
        6⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
        6⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        6⤵
        
        PID:116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49054.exe
        5⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
        6⤵
        
        PID:14312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
        6⤵
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        6⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
        5⤵
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
        5⤵
        
        PID:17320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13375.exe
        5⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26064.exe
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        7⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9222.exe
        7⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        7⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
        7⤵
        
        PID:16600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        7⤵
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        6⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
        6⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30191.exe
        6⤵
        
        PID:15884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        6⤵
        
        PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1135.exe
        6⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        6⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12941.exe
        5⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18158.exe
        5⤵
        
        PID:12332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        5⤵
        
        PID:17300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
      4⤵
      PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60080.exe
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        6⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        6⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        6⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38022.exe
        5⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40446.exe
        5⤵
        
        PID:12248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
        5⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        5⤵
        
        PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        5⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        5⤵
        
        PID:17040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        5⤵
        
        PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
      4⤵
      PID:9820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10366.exe
      4⤵
      PID:13336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10151.exe
      4⤵
      PID:17328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe
        7⤵
        Executes dropped EXE
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
        9⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
        10⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
        10⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        10⤵
        
        PID:17312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        9⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42479.exe
        9⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        9⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        9⤵
        
        PID:16480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        8⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31109.exe
        8⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62432.exe
        8⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37190.exe
        8⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4366.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        8⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
        9⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        9⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
        8⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
        8⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50647.exe
        8⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20944.exe
        8⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24557.exe
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42311.exe
        7⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3597.exe
        7⤵
        
        PID:16752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
        6⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42296.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        8⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 688
        9⤵
        Program crash
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26606.exe
        8⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        8⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
        8⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16029.exe
        7⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
        7⤵
        
        PID:14908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        7⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27229.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        7⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18246.exe
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        7⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        7⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
        6⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
        6⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59799.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4584.exe
        6⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42296.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        8⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3934.exe
        8⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe
        8⤵
        
        PID:16092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        8⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        8⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16029.exe
        7⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
        7⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
        7⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31080.exe
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        7⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        7⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
        6⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38526.exe
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        6⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        5⤵
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        6⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe
        6⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
        6⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        6⤵
        
        PID:17272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43478.exe
        5⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
        6⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        6⤵
        
        PID:16964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        6⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        6⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
        5⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54297.exe
        5⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        5⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        5⤵
        
        PID:6860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
        6⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40681.exe
        8⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        8⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        7⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        7⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        7⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
        6⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
        7⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        7⤵
        
        PID:17200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17200 -s 468
        8⤵
        Program crash
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6221.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
        6⤵
        
        PID:14228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        6⤵
        
        PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
        6⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        7⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        7⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        6⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        6⤵
        
        PID:15040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        6⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
        5⤵
        
        PID:7164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 648
        6⤵
        Program crash
        
        PID:16956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
        5⤵
        
        PID:11124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42366.exe
        5⤵
        
        PID:13932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57471.exe
        5⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        5⤵
        
        PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56343.exe
      4⤵
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
        6⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
        6⤵
        
        PID:15388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        6⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
        5⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16029.exe
        5⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
        5⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        5⤵
        
        PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65374.exe
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
        5⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        5⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe
        5⤵
        
        PID:17224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
        5⤵
        
        PID:17196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25598.exe
      4⤵
      PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exe
      4⤵
      PID:12120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
      4⤵
      PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
      4⤵
      PID:6592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:676
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 724
      4⤵
      Program crash
      PID:4916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        5⤵
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
        7⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        7⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe
        7⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        7⤵
        
        PID:15904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        6⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        6⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
        5⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        5⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45054.exe
        5⤵
        
        PID:14852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
        5⤵
        
        PID:16704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        5⤵
        
        PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe
      4⤵
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        5⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        6⤵
        
        PID:11156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        6⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        6⤵
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50720.exe
        5⤵
        
        PID:15828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
      4⤵
      PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14381.exe
      4⤵
      PID:11360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
      4⤵
      PID:15248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
      4⤵
      PID:5220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
      4⤵
      PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        6⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18246.exe
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        6⤵
        
        PID:14848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        6⤵
        
        PID:16560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57399.exe
        5⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
        5⤵
        
        PID:12660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
        5⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        5⤵
        
        PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35318.exe
      4⤵
      PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
        5⤵
        
        PID:12724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        5⤵
        
        PID:16904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11893.exe
      4⤵
      PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27479.exe
      4⤵
      PID:14064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
      4⤵
      PID:5172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
    3⤵
    PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        5⤵
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        5⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        5⤵
        
        PID:396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29382.exe
      4⤵
      PID:8704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
      4⤵
      PID:11544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
      4⤵
      PID:16192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
    3⤵
    PID:7120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
    3⤵
    PID:8964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
    3⤵
    PID:14236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57048.exe
    3⤵
    PID:6772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47967.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47967.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64656.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50936.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31056.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        8⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        9⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
        9⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        9⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        8⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        8⤵
        
        PID:12752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        8⤵
        
        PID:16852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
        8⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        8⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        8⤵
        
        PID:16820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        7⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
        7⤵
        
        PID:14876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
        7⤵
        
        PID:16188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18345.exe
        7⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        7⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45934.exe
        7⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
        7⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        6⤵
        
        PID:11060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        6⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe
        6⤵
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31942.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
        6⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33856.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        8⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30358.exe
        8⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
        8⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
        7⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58727.exe
        7⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16102.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        7⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
        7⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        7⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        7⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43118.exe
        6⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
        6⤵
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
        6⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
        6⤵
        
        PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54199.exe
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11048.exe
        6⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
        6⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        6⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        6⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe
        5⤵
        
        PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42311.exe
        5⤵
        
        PID:11228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53127.exe
        5⤵
        
        PID:13720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39734.exe
        5⤵
        
        PID:8240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        6⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        7⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
        8⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
        8⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        8⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-294.exe
        7⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
        7⤵
        
        PID:16392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
        7⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31200.exe
        7⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44311.exe
        7⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        7⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19782.exe
        6⤵
        
        PID:9872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
        6⤵
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
        6⤵
        
        PID:8
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        6⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59623.exe
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11407.exe
        7⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        7⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
        6⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        6⤵
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        6⤵
        
        PID:17284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        5⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42311.exe
        5⤵
        
        PID:7204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19686.exe
        5⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
        5⤵
        
        PID:6904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56136.exe
        5⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        6⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        6⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
        6⤵
        
        PID:16748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        6⤵
        
        PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
        5⤵
        
        PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
        5⤵
        
        PID:9256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48919.exe
        5⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37190.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
        5⤵
        
        PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
        5⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
        6⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45200.exe
        5⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
        5⤵
        
        PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        5⤵
        
        PID:17384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        5⤵
        
        PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe
      4⤵
      PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
      4⤵
      PID:9672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe
      4⤵
      PID:13988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53759.exe
      4⤵
      PID:5064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32128.exe
        7⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1718.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29317.exe
        7⤵
        
        PID:13756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
        6⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13342.exe
        6⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38334.exe
        6⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        6⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
        5⤵
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe
        7⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58318.exe
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        7⤵
        
        PID:15876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47151.exe
        6⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57550.exe
        6⤵
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        6⤵
        
        PID:14828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        6⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45406.exe
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        6⤵
        
        PID:15068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        6⤵
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
        5⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe
        5⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
        5⤵
        
        PID:17012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        5⤵
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe
        7⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60279.exe
        7⤵
        
        PID:16392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
        7⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        6⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        6⤵
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62399.exe
        6⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32158.exe
        5⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        6⤵
        
        PID:17024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23325.exe
        5⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17782.exe
        5⤵
        
        PID:14328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        5⤵
        
        PID:14884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        5⤵
        
        PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8013.exe
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43176.exe
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe
        6⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        6⤵
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        5⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        5⤵
        
        PID:15024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        5⤵
        
        PID:15228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
        5⤵
        
        PID:9884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27398.exe
        5⤵
        
        PID:14788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        5⤵
        
        PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
      4⤵
      PID:9424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
      4⤵
      PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
      4⤵
      PID:16236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26174.exe
      4⤵
      PID:5612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10152.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        5⤵
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35384.exe
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48480.exe
        7⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        7⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        7⤵
        
        PID:17248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12925.exe
        7⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        6⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
        6⤵
        
        PID:15736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32438.exe
        5⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
        5⤵
        
        PID:13392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        5⤵
        
        PID:17404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        5⤵
        
        PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
      4⤵
      PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        5⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36310.exe
        5⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        5⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        5⤵
        
        PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
      4⤵
      PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44311.exe
        5⤵
        
        PID:15492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        5⤵
        
        PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
      4⤵
      PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
      4⤵
      PID:13652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
      4⤵
      PID:4380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51735.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
      4⤵
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32232.exe
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        6⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        5⤵
        
        PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
        5⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22022.exe
        5⤵
        
        PID:15464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        5⤵
        
        PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
      4⤵
      PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        5⤵
        
        PID:12864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        5⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        5⤵
        
        PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30621.exe
      4⤵
      PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57166.exe
      4⤵
      PID:11436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
      4⤵
      PID:17072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3519.exe
      4⤵
      PID:16744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18245.exe
      4⤵
      PID:8264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
    3⤵
    PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19048.exe
      4⤵
      PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
        5⤵
        
        PID:7392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59087.exe
        5⤵
        
        PID:11144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6925.exe
        5⤵
        
        PID:13668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16822.exe
        5⤵
        
        PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31198.exe
      4⤵
      PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
      4⤵
      PID:12108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
      4⤵
      PID:15432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe
      4⤵
      PID:7900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10502.exe
    3⤵
    PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29496.exe
      4⤵
      PID:15756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34662.exe
      4⤵
      PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
    3⤵
    PID:9888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64655.exe
    3⤵
    PID:14020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17807.exe
    3⤵
    PID:17384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
    3⤵
    PID:6616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9325.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9325.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41408.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
        6⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54185.exe
        7⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        8⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 652
        8⤵
        Program crash
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 660
        7⤵
        Program crash
        
        PID:4484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 736
        6⤵
        Program crash
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41750.exe
        5⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7878.exe
        7⤵
        
        PID:14036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        7⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        6⤵
        
        PID:15060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        6⤵
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
        5⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
        6⤵
        
        PID:16924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41647.exe
        5⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        5⤵
        
        PID:7892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32134.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58409.exe
        5⤵
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43368.exe
        6⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16896.exe
        7⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47719.exe
        7⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        6⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
        6⤵
        
        PID:16484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        6⤵
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53648.exe
        5⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63719.exe
        6⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
        6⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        6⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19782.exe
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        5⤵
        
        PID:14804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        5⤵
        
        PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
      4⤵
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35600.exe
        6⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27207.exe
        6⤵
        
        PID:14996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
        6⤵
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        5⤵
        
        PID:13348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        5⤵
        
        PID:17256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
      4⤵
      PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
        5⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        5⤵
        
        PID:16500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
        5⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27408.exe
        5⤵
        
        PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
      4⤵
      PID:9492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
      4⤵
      PID:15300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23839.exe
      4⤵
      PID:7928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
        5⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40248.exe
        7⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        7⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        6⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        6⤵
        
        PID:15052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        6⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
        5⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe
        5⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48775.exe
        5⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61073.exe
        5⤵
        
        PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19934.exe
      4⤵
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        6⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        6⤵
        
        PID:17032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        6⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        5⤵
        
        PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
        5⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
        5⤵
        
        PID:14888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
      4⤵
      PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27673.exe
        5⤵
        
        PID:6968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
      4⤵
      PID:9308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
      4⤵
      PID:13892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54256.exe
      4⤵
      PID:16732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
      4⤵
      PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        6⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20462.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        6⤵
        
        PID:16136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37358.exe
        5⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        5⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        5⤵
        
        PID:15844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48967.exe
      4⤵
      PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36206.exe
      4⤵
      PID:9928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
      4⤵
      PID:13380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
      4⤵
      PID:17224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
      4⤵
      PID:6028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14838.exe
    3⤵
    PID:244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
      4⤵
      PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40873.exe
        5⤵
        
        PID:13980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        5⤵
        
        PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
      4⤵
      PID:9784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
      4⤵
      PID:13356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
      4⤵
      PID:17344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43094.exe
    3⤵
    PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57920.exe
      4⤵
      PID:13216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
      4⤵
      PID:16860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33071.exe
    3⤵
    PID:9620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62886.exe
    3⤵
    PID:15320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-582.exe
    3⤵
    PID:16476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13375.exe
        5⤵
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        7⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51303.exe
        7⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        7⤵
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        7⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57399.exe
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
        6⤵
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9029.exe
        6⤵
        
        PID:16540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        6⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24462.exe
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26280.exe
        6⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43726.exe
        6⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
        6⤵
        
        PID:16588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        6⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        5⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        5⤵
        
        PID:13832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        5⤵
        
        PID:116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        5⤵
        
        PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35694.exe
      4⤵
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        5⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54280.exe
        6⤵
        
        PID:15088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8902.exe
        6⤵
        
        PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        5⤵
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33014.exe
        5⤵
        
        PID:13492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
        5⤵
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
        5⤵
        
        PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29365.exe
      4⤵
      PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38761.exe
        5⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        5⤵
        
        PID:16840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26285.exe
        5⤵
        
        PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
      4⤵
      PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
      4⤵
      PID:13880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
      4⤵
      PID:17040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62808.exe
      4⤵
      PID:3832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
      4⤵
      PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35384.exe
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
        6⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        6⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe
        6⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        6⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37358.exe
        5⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        5⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        5⤵
        
        PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        5⤵
        
        PID:15424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53551.exe
        5⤵
        
        PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
      4⤵
      PID:10880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9117.exe
      4⤵
      PID:14272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
      4⤵
      PID:17048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
      4⤵
      PID:5700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
    3⤵
    PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        5⤵
        
        PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18246.exe
        5⤵
        
        PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
      4⤵
      PID:10196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18813.exe
      4⤵
      PID:14088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38390.exe
      4⤵
      PID:16736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35127.exe
    3⤵
    PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40712.exe
      4⤵
      PID:11488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
      4⤵
      PID:15808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
      4⤵
      PID:5808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42814.exe
    3⤵
    PID:9444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
    3⤵
    PID:13276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37017.exe
    3⤵
    PID:17240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
    3⤵
    PID:5416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12607.exe
      4⤵
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        5⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
        6⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        6⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43926.exe
        6⤵
        
        PID:16996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24727.exe
        6⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        6⤵
        
        PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        5⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        5⤵
        
        PID:804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
      4⤵
      PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
      4⤵
      PID:9392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24223.exe
      4⤵
      PID:11932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
      4⤵
      PID:17008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
      4⤵
      PID:3772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59815.exe
    3⤵
    PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
      4⤵
      PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27664.exe
        5⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        5⤵
        
        PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22662.exe
      4⤵
      PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
      4⤵
      PID:13992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
      4⤵
      PID:5236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
    3⤵
    PID:7544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36265.exe
      4⤵
      PID:13036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
      4⤵
      PID:16804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53887.exe
    3⤵
    PID:10940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9117.exe
    3⤵
    PID:14292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
    3⤵
    PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19048.exe
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
        5⤵
        
        PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63719.exe
        5⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
        5⤵
        
        PID:17396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        5⤵
        
        PID:516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
      4⤵
      PID:8828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
      4⤵
      PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
      4⤵
      PID:16212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
      4⤵
      PID:5676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16102.exe
    3⤵
    PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
      4⤵
      PID:8664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
      4⤵
      PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42774.exe
      4⤵
      PID:16100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
      4⤵
      PID:1400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
    3⤵
    PID:10076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9606.exe
    3⤵
    PID:13644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
    3⤵
    PID:16924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
    3⤵
    PID:1000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
  2⤵
  PID:1452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17896.exe
    3⤵
    PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4712.exe
      4⤵
      PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
      4⤵
      PID:12012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
      4⤵
      PID:14752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
      4⤵
      PID:16732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29766.exe
    3⤵
    PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
    3⤵
    PID:12020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56231.exe
    3⤵
    PID:16156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18742.exe
    3⤵
    PID:6956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
  2⤵
  PID:6544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
  2⤵
  PID:9752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9231.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9231.exe
  2⤵
  PID:13324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52152.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52152.exe
  2⤵
  PID:17372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7183.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7183.exe
  2⤵
  PID:15424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 676 -ip 676
1⤵
PID:384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1420 -ip 1420
1⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1752 -ip 1752
1⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5600 -ip 5600
1⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7796 -ip 7796
1⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7444 -ip 7444
1⤵
PID:15980

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:7884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11527.exe

Filesize
468KB

MD5
87702f1e9b1b0d4ff9f6c508acf48071

SHA1
079da7bc29e4bdf830395b7cab647b6e1b83df93

SHA256
6bd69595e3e541aaeb7c5f830adff2a67864006e4a1b1747d08bb228674f4074

SHA512
dc1e79f8061871beac6ad3c946d28c2dbb7e2af88a874f9d13a2c426e058ba5fd7dd8b33888e95562ab5bc385be0eeeaade4de9a80f91698eb2edf841a4ef7e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15263.exe

Filesize
468KB

MD5
4c1b7592c80044039aafef0d12ff3d68

SHA1
e4512cdbf4a0fd27db81fef5cfe2ad2b44c776b5

SHA256
015407f7db6262f03b153e848ed39517c13bd40d30cd313f861fa5eba9a83d89

SHA512
4c90950dcc446d2331276591e4e800f015ca027c78b074d7cb8119157c4d2a48f671918445d9509229f8d8f9c9188659918a8438e90fc407b6ceb55069725f74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe

Filesize
468KB

MD5
af5f0fd693a2872ec45c248941637cf7

SHA1
7040ae64ffa4c679e503828ecc8dbd515b166dd8

SHA256
da5264f82bf6ff92972aab4ad54fa73c8d67d6a0cf65f562f05cae94a578a71b

SHA512
d737b8ad010ca9bef7aadf8f768e2c6f9f78db279842c04ecf26b0a38b750b041d9ea0a36d9f055b0ed4c3bc03cb888fd88e207e8b1733ca3da1e99e0b3edea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe

Filesize
468KB

MD5
bb67045ea022ea8335e4877a17ae5652

SHA1
f9f98aa4a4e2a7c4b93158248453bc320e3badb4

SHA256
d0e9535691f3b5df46fb8fcd072d6b94c3cad049d6ecded7c5769641bf66290e

SHA512
008dee5668214b2d609a03afcdb1b8358eee75c533c93ffa96ae3dc922bd1ef3f65af9682e4c359e2264352eed4972b69aa3a9806b667a2c588cee8bbd011459

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22886.exe

Filesize
468KB

MD5
c2de08e8b76ad7667682d2c5f758ba06

SHA1
3a9b79aa46e5dc9b1a3d5ffdbe14f5a0b57fff40

SHA256
c962067b39c2ab5d200f51c647e52af68540c1739877fc42ad9498cceb1212d8

SHA512
b23d6f4d26c8efa0817cbbc896904efa454b719eb34340a7ec53c6e593c1486b6292b9c2bdee62d267591b34635059369f49a7a9e35cfeaeb2aa5f3f4e53f348

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe

Filesize
468KB

MD5
199f893257184140b082f91f1c48a60a

SHA1
8e847c19b3f2f7b5d1e74091b47f0bfa219918fd

SHA256
0e4a6362dccbc13683a8cb26fd9dd66025373c90412657b356222f8a089b1364

SHA512
8608f4f3d3f4ece4193bebfd27908ac249906551bede64e31df852529a64db2036a9c2d3bfeff4849f4f4753778396143855549357c0388e7c8df5b47dac83cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe

Filesize
468KB

MD5
a95e8476b0fd64b4f5e85af097477ef6

SHA1
972f53f37c9461c1feedad2c1936ffa8d9c2849e

SHA256
21118f2657993c333acb332d750b582558b97df0caba12ad3bfc1ef0de3a0a21

SHA512
d1b52b84ae9ef9c1822f0c564651e94f30dc93b9fa589b7d10a5adffc18dc01199d317b05837a869441d6fe6b0f912d71fd6c4c216dce53ac28da7a6d6a475fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe

Filesize
468KB

MD5
dcbbce1048c4b238e8e70b51329c2da4

SHA1
8e0fee3a1801148e0b74e92ae74a1c36bbaa54b3

SHA256
f46d279d5c7d677c4ba2681359d8ee188761ace462cd0190f60a72b50e050e82

SHA512
3b833d4d3867878bf248971267f76052adb2eb63e95327bb901076948f2579368bf333a7ef5e5d733e42790149b1743b6ee45868191f3c9c719393a9f08f80f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe

Filesize
468KB

MD5
3c4a6c9fb4cd53bf309ffb354eef8b88

SHA1
f118a734ea3893a3b0fb2a9e6ebdf38102c0ab96

SHA256
f14c1a6f81a53958f2c60ebf602a9c2ee7d159e661a1d5c12dc6ff95e833caeb

SHA512
476faf920523c45f3e65ab9442e26a304cf90fcfcbbdb403fae345f5d3af09b6ab61df6a37be2e5bc571418238c8ab382940bf5a25fc000934469a4f21b43cf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe

Filesize
468KB

MD5
b5e7b4ec03efc142e63dfee7937e3a41

SHA1
14033f1933a70fbab29b8443f969b7d8e2ea5798

SHA256
9bf8eb540c2e1f239b1a90f45e1702491119c5fd03d280742043e694cbacc5f8

SHA512
d32f6f8e523470ec3411dc75bf45ab683d4d1fae5aeb1b63717539a94c42676cd6dc9e09caf54b2414e98725b7c20ac4daf3b126f68611a48a428237672022aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe

Filesize
468KB

MD5
662ca501f1b789d4babb35cc5628422a

SHA1
29dbbfb631349e38fff6f99c9c69a1e7e3790e1e

SHA256
793ab6535ecb9a20463a4359bedb6f449781c74f0138399fffee6ca36f32fedc

SHA512
7662290869325ca5868e99210293e58a2d7989e23895b204efc9bde10fe190182b4a1fdd39cf57949479b25df45b8168c67621c2cde96b83331d17daa9f84ce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe

Filesize
468KB

MD5
551f8dab3620e9d4c19baf181db5eaf4

SHA1
862c1a12a3477ef432fb02d7008a93a8c471db74

SHA256
d3f25f29d10cf79158f19d48c186f3130d9a942e75bf9396cfbe7e019aebe67c

SHA512
f4ffaff3465cc375fbd6fff09d55f252f96fbb75c56994000be679e2f9c55c8ba602113b182453240cee9c2b983570cc0e5374135292fe45f0577fa6bf84cb94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3271.exe

Filesize
468KB

MD5
8e92e44c204fa409a85105c0893ae58d

SHA1
51f78daca2bded8c81cee3ee463fecbb86e6ad6c

SHA256
388a88d4ac3be4852007664756fe996ca0986dc32f8c4a303cf58e7666e213fd

SHA512
af8876ca9b54542b7280722f2e98158215c5207f66f8c755845155a87b17c008fa0c7c9326841f0c151dd61e1d924300f7df49ba93ae432d17ff0617a34e4c9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe

Filesize
468KB

MD5
5c753efaa698722b7796000e06080cb2

SHA1
dcb1273817c13906bfe5fc7e99312e5d8dc8ddb6

SHA256
4c9e15da007b641bb130cfbc920da615166189b0f84d2389ada515cf5ff2c080

SHA512
4c15e33ddb743c317c695ac44ae93adab4afd92f53a84e8f668fe0ed87493d08a7a76f8e2709b8d51c39132afe7cfb1f06458a6d01507a277e4929ec2b9a06ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe

Filesize
468KB

MD5
520d6a14a441d93db0b9e08a622cca4c

SHA1
a9bf6248805cae170a70027cd6db11c4e74c9c5b

SHA256
b3da24a184f6db131f7fc3a87362b53378ca5d79b52d7fd840e98f5408e9e2fc

SHA512
cad83d7caa2d3589a4b3295409e17c145b0830b97383302d0b30b85e676360a448c562e116872290caad6e1e0225a38ce60c0536a4c69d51b696990e287edf02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe

Filesize
468KB

MD5
79d79be5bee8c9c6057cb46199ac75c3

SHA1
851ff2e380a2fc696725b67f6e4d383552e05770

SHA256
9c2b1116ef14528fd004c7790baeb3a89a4a8b18cc9884cde0985f5e31f23dea

SHA512
6e6bf819f301d89983ff5ba05345841f057e98d9c8b47ae22e375d0c00efc8edb4886088d0f8aa70a87538a6998eaa15c58b3e76331b462fdbaefcef3c7f87b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41408.exe

Filesize
468KB

MD5
39408ae32a6679048201bccf562504cc

SHA1
45d92a71b69f0d8072b5434332994af71627c193

SHA256
1bae998cec9e1e0b6438093f113c1fd85b08b74d64312b35dd1c916124506465

SHA512
d045d4295836dee0671923ccd1416e654f189138767da3c647b823baf4e8814e4d8eaac48f95e365da18f2c9191969d0e5ccf5491881670d0c2acc4d35596664

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe

Filesize
468KB

MD5
2e6df4e3b01c97bc9fb48845c345874e

SHA1
b8b894e2d3dfd68c35f3c59068f336ca12408df7

SHA256
847002e5191a9c6471d3b2ee9da1d259c4490c526cd78c0b25b1aee7cb9b3f9b

SHA512
2a932a3a01b42118009237578ee930599759893ca446e72ad541c44f408a3c03f0a0aea234753fa1a6ee0a5888544804b1301c2631abf3ae55fda3e9b829b863

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe

Filesize
468KB

MD5
3b466a5a97985fed67b806e6b8f96dc5

SHA1
f346d8aa665b4505028521842e5f3abf3e720895

SHA256
e84375fe302aff916fa47061405be80c70b85173ba0a553ee9e90cd03943d249

SHA512
861d40f5b3080c1f7b767c89d05d22bc7c518555320b239ebd18094154d0a50901d4071f4ddc2f5f069b9398083a69c262a39ee5baf87515b5488398d80f54f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe

Filesize
468KB

MD5
948e9ea6a095e6746d6334282f78e8ce

SHA1
f081277e61838e4195fb88f1a297878279984ad1

SHA256
9b8544625bf533b875312aba55fcba84f6af925f0cfac2c245a4df725b74878d

SHA512
8268916ef0608769d05d293ebc56eb9825636aa1426684dac4177918d2bfd8dff8e53a186bc01604f901b9abf61e8d1094ea582d619959fc30cd30235cfcb3f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe

Filesize
468KB

MD5
9d6072c75807196b53b27ba54bf565f2

SHA1
c83d4031dd44a98e2995bf049b65187b2f1e3b0d

SHA256
755d496001ac5d47b310721933dc47217521b14512a33ab5a53a0e26f2597bc9

SHA512
9b6036bdac37c596fee87d9b22aeca41d7ea857c197b0360ca2d14974245608ec3df35b1a8689fc9b26ba6e17b78ef5280f7bb917b58470dcec7a07c5c35821a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47967.exe

Filesize
468KB

MD5
6596816db199663d53ca521d902f3dbd

SHA1
4174f593855271c82c2251001e3f080083d4c4f9

SHA256
a8e2b674cc36bb33754d2010a872828b394548346d802c055fe005473c4356e4

SHA512
cadad3c7ae7aa514564ad70de3a3f38ba22b161ef067cb40089e46b4a2ef44ae4d33608fb9da48e093ca5be74e0772179229446b747d0dbbe628d7142293f12a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe

Filesize
468KB

MD5
2fa0cb0477300feea8140c82a788535d

SHA1
d7578380d3043ecc7519e37e5458ff63bc0278f5

SHA256
d0515708bdd090d06024d2d76dc5e9bd7eda481cf4d8064b1685ec8c5b9f8a0e

SHA512
bb1b5d1acb249f6176721ec593968ca8d4ed606b413adb6e3f082f11fea17683611f6373dd012e33b719717480098ed479cef79399d78e82e621dd8a68a7c89e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50624.exe

Filesize
468KB

MD5
c55ea1fc9dff771958eba35c9d5aa702

SHA1
4464d7c18a2025e400482f3cf1121525b09bbe8f

SHA256
55233ae1e08c57cb74d5b7a4b42eedc187777ae237bd1a04de3beaa95fc8a6c5

SHA512
066514fcda1e5baf72ab6df1050f737ee056b98777b276ef174cbc0d74a35de9e0294262bb456df2b2cf737945627768ebe10e89766f48cc537caa5fc725eb82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50936.exe

Filesize
468KB

MD5
06551363b35f447c69b355bb5be3c30f

SHA1
37e9e826763db652de6c525b2b375a3df5c7e878

SHA256
4ab7e3b5beef3f352a11bf0c2fc3bb41e76b4d67c39fe8d22db0a7af4d6507fa

SHA512
cbee60349ce0ed8c426c30739a71785a201b0ac6963b3df5855753bd2687e7d4e6562195e4498819836a8c0911ee63ce5531a3fd56bb94497120a2f0d73e9629

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe

Filesize
468KB

MD5
795c4fb0d4f24a59bb8350ba950797c9

SHA1
3c9486e0c4c750737cb66d07e4c92e042897c3b0

SHA256
0371b9ce06708bc49d7a086bf7963c3936a1a8c85d16fa789ce09bb5e8eaf25f

SHA512
607a2e9191a2b87255b276431060fa4cb5cea55a1315546cf22551c82288d673a7bcaa554fb9cbec6453bc46b39891f9bd784f69d301395afd14cd95dbef02c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe

Filesize
468KB

MD5
6caaa58403f16ce088ec8137d320fb97

SHA1
e0a3c5bc119cf26b8a04f8ba53b70082d1910db8

SHA256
98e85f5aa980b9d8f669372c0e2a8e1838c59dbfa276df330cd758e8452c9972

SHA512
7721b8ce3d899c158b8d71ee5f2affa36ad326bf2adb36cf17375ea536dbb1817c9121ecfc119e13b6daed5cdc2e4bbe85118d231e12c53e5c2ef43f8bf1104a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62352.exe

Filesize
468KB

MD5
52bd5fc015ddde094e6028f4e27cb6d6

SHA1
25646fbc1e0685e4ca36e9673b167507a922c795

SHA256
4d8961d5959c02fd96fcc01dfbfc9dabef0573151beaa882db71afa4f9324a42

SHA512
cdad7fae5eed701a5c43b7117b485efa3c0c0c27106c5c6900b01a0dc52cee9e2191ad78389d9b2f95508695d1784d025a22fb111991e06d5a7631747a183910

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe

Filesize
468KB

MD5
0d2495322eef611d74299c864d55a3c0

SHA1
89cb1b29907d0ae7adb5fce0f0006ef82f6f4c49

SHA256
07ea718499a77e7cd9d30289bdf405b336025abbdf19f3b1c8287c77211ae920

SHA512
36aeae49e5934f5dd0a138c81a6b8d54c530d878e32e8cf2b46e6e5e993cb2ff36cc750be8f903d91ed489660a754be7ca128221bf09c12e5ca5e8511b6218ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64656.exe

Filesize
468KB

MD5
4b0309ce9ad908a5d91dc2f6d09c89dd

SHA1
443b96e5f91b7aea00cd6fc105bb6ced650e2b05

SHA256
94d87172717cdbd0b09e66339f839450472c5a830e83301fc135b51ab6b8e940

SHA512
3d736159297be45c930575758f667234fde0a5a98e9d35a6c60534a175199c302678f245b5fae7c314376bdb5a719641d02d0847276f8d8d23b04965826d1aed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9325.exe

Filesize
468KB

MD5
16d898d8e7b846ee34afdf9ffdd8b1f4

SHA1
e5e6db1282637a54b8581b645881b698c47195a1

SHA256
7465efcf93a25dd49e79e163d8e0f533f96cd0ee65f72e8d663b108d39680f16

SHA512
a81205ab40f56bb64a155edcc69a5b8c2a2bd2e65e0d81c05ad8e95756d9766988ec5d2497f96555ecf55623b75bb24581019f28585f63d5b8296593402fd165

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe

Filesize
468KB

MD5
f0b5eb9b480fcf848324fa73ed91593e

SHA1
7dd03fe1dd91ab0fd087fbbd475f52cc869a6a41

SHA256
e3b2402bdb936cb10b4bf6a63fc3462cd4b453cdb5d8e2450de0c129d89635e0

SHA512
8d1a46ad916b6edf053028ad18121be27cc02c97e63b4d2289d1eff767c94dfe927748a615a848d68bbb06249639280378e44eb523b7f2c15dd97d8b18ebfe58

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads