ab418b903ec4dcc237bf6dbcca06dff57f4de5920a76d5ef0fc9ec0104de2308

Analysis

max time kernel
119s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

658817c6bb2454b2b31b757d5a213e00N.exe
Size

468KB
MD5

658817c6bb2454b2b31b757d5a213e00
SHA1

46c96b1274e374ecfa8d62b484fd829dbf75a55b
SHA256

ab418b903ec4dcc237bf6dbcca06dff57f4de5920a76d5ef0fc9ec0104de2308
SHA512

d4a7bf817b3421f2a6dcffd7c0110e64f91ccaa5b594196f52b46731fa88ba47449102c54d60d08bb43b557543c98f92734b4c6246cdcbade99f694733abdbac
SSDEEP

3072:gbtCogIdIp5VtbYuPzsjnf8V2CyCZnpLnzHexOpfgDULY86u4Glp:gb4ow/VtpPojnfApWugDu56u4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1624	Unicorn-34016.exe
2856	Unicorn-59392.exe
2552	Unicorn-23190.exe
3668	Unicorn-20768.exe
1484	Unicorn-42318.exe
1532	Unicorn-45848.exe
2004	Unicorn-31549.exe
224	Unicorn-29232.exe
1776	Unicorn-33678.exe
628	Unicorn-12703.exe
5048	Unicorn-16853.exe
2220	Unicorn-22984.exe
2500	Unicorn-3118.exe
4232	Unicorn-22984.exe
1372	Unicorn-19703.exe
2996	Unicorn-47208.exe
3740	Unicorn-43871.exe
3056	Unicorn-16648.exe
1940	Unicorn-41728.exe
4300	Unicorn-35598.exe
1556	Unicorn-33368.exe
3980	Unicorn-24437.exe
960	Unicorn-46367.exe
3956	Unicorn-48744.exe
2784	Unicorn-24240.exe
4680	Unicorn-59142.exe
1732	Unicorn-37238.exe
440	Unicorn-57104.exe
3452	Unicorn-61551.exe
5044	Unicorn-7446.exe
2016	Unicorn-35672.exe
1464	Unicorn-54238.exe
1736	Unicorn-60368.exe
3616	Unicorn-29161.exe
2812	Unicorn-44922.exe
320	Unicorn-23755.exe
944	Unicorn-22529.exe
388	Unicorn-42395.exe
3312	Unicorn-5425.exe
4108	Unicorn-35955.exe
3084	Unicorn-11450.exe
3288	Unicorn-11450.exe
1048	Unicorn-18393.exe
2160	Unicorn-47994.exe
948	Unicorn-42971.exe
2148	Unicorn-50370.exe
4476	Unicorn-10298.exe
664	Unicorn-29248.exe
368	Unicorn-10112.exe
3516	Unicorn-10874.exe
1564	Unicorn-55673.exe
4004	Unicorn-12794.exe
2940	Unicorn-62187.exe
2116	Unicorn-37683.exe
4844	Unicorn-45659.exe
4820	Unicorn-4818.exe
3836	Unicorn-4818.exe
1784	Unicorn-46737.exe
1200	Unicorn-329.exe
4812	Unicorn-49530.exe
2920	Unicorn-40977.exe
1352	Unicorn-8305.exe
1296	Unicorn-28482.exe
1632	Unicorn-4242.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
6124	3980	WerFault.exe	114
9076	6276	WerFault.exe	246
8652	6276	WerFault.exe	246

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3596	dwm.exe
Token: SeChangeNotifyPrivilege	3596	dwm.exe
Token: 33	3596	dwm.exe
Token: SeIncBasePriorityPrivilege	3596	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1076	658817c6bb2454b2b31b757d5a213e00N.exe
1624	Unicorn-34016.exe
2856	Unicorn-59392.exe
2552	Unicorn-23190.exe
3668	Unicorn-20768.exe
1484	Unicorn-42318.exe
1532	Unicorn-45848.exe
2004	Unicorn-31549.exe
224	Unicorn-29232.exe
1776	Unicorn-33678.exe
1372	Unicorn-19703.exe
2500	Unicorn-3118.exe
4232	Unicorn-22984.exe
5048	Unicorn-16853.exe
628	Unicorn-12703.exe
2220	Unicorn-22984.exe
2996	Unicorn-47208.exe
3740	Unicorn-43871.exe
3056	Unicorn-16648.exe
1940	Unicorn-41728.exe
4300	Unicorn-35598.exe
1556	Unicorn-33368.exe
960	Unicorn-46367.exe
3980	Unicorn-24437.exe
4680	Unicorn-59142.exe
3956	Unicorn-48744.exe
440	Unicorn-57104.exe
5044	Unicorn-7446.exe
1732	Unicorn-37238.exe
2784	Unicorn-24240.exe
3452	Unicorn-61551.exe
2016	Unicorn-35672.exe
1464	Unicorn-54238.exe
1736	Unicorn-60368.exe
3616	Unicorn-29161.exe
320	Unicorn-23755.exe
2812	Unicorn-44922.exe
388	Unicorn-42395.exe
944	Unicorn-22529.exe
3312	Unicorn-5425.exe
4108	Unicorn-35955.exe
3084	Unicorn-11450.exe
3288	Unicorn-11450.exe
1048	Unicorn-18393.exe
2160	Unicorn-47994.exe
948	Unicorn-42971.exe
3516	Unicorn-10874.exe
368	Unicorn-10112.exe
4476	Unicorn-10298.exe
664	Unicorn-29248.exe
2148	Unicorn-50370.exe
1564	Unicorn-55673.exe
2940	Unicorn-62187.exe
4004	Unicorn-12794.exe
3836	Unicorn-4818.exe
4820	Unicorn-4818.exe
1200	Unicorn-329.exe
4844	Unicorn-45659.exe
2116	Unicorn-37683.exe
4812	Unicorn-49530.exe
1632	Unicorn-4242.exe
1352	Unicorn-8305.exe
1296	Unicorn-28482.exe
1784	Unicorn-46737.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 1624	1076	658817c6bb2454b2b31b757d5a213e00N.exe	89
PID 1076 wrote to memory of 1624	1076	658817c6bb2454b2b31b757d5a213e00N.exe	89
PID 1076 wrote to memory of 1624	1076	658817c6bb2454b2b31b757d5a213e00N.exe	89
PID 1624 wrote to memory of 2856	1624	Unicorn-34016.exe	92
PID 1624 wrote to memory of 2856	1624	Unicorn-34016.exe	92
PID 1624 wrote to memory of 2856	1624	Unicorn-34016.exe	92
PID 1076 wrote to memory of 2552	1076	658817c6bb2454b2b31b757d5a213e00N.exe	93
PID 1076 wrote to memory of 2552	1076	658817c6bb2454b2b31b757d5a213e00N.exe	93
PID 1076 wrote to memory of 2552	1076	658817c6bb2454b2b31b757d5a213e00N.exe	93
PID 2856 wrote to memory of 3668	2856	Unicorn-59392.exe	95
PID 2856 wrote to memory of 3668	2856	Unicorn-59392.exe	95
PID 2856 wrote to memory of 3668	2856	Unicorn-59392.exe	95
PID 1624 wrote to memory of 1484	1624	Unicorn-34016.exe	96
PID 1624 wrote to memory of 1484	1624	Unicorn-34016.exe	96
PID 1624 wrote to memory of 1484	1624	Unicorn-34016.exe	96
PID 2552 wrote to memory of 1532	2552	Unicorn-23190.exe	97
PID 2552 wrote to memory of 1532	2552	Unicorn-23190.exe	97
PID 2552 wrote to memory of 1532	2552	Unicorn-23190.exe	97
PID 1076 wrote to memory of 2004	1076	658817c6bb2454b2b31b757d5a213e00N.exe	98
PID 1076 wrote to memory of 2004	1076	658817c6bb2454b2b31b757d5a213e00N.exe	98
PID 1076 wrote to memory of 2004	1076	658817c6bb2454b2b31b757d5a213e00N.exe	98
PID 3668 wrote to memory of 224	3668	Unicorn-20768.exe	101
PID 3668 wrote to memory of 224	3668	Unicorn-20768.exe	101
PID 3668 wrote to memory of 224	3668	Unicorn-20768.exe	101
PID 2856 wrote to memory of 1776	2856	Unicorn-59392.exe	102
PID 2856 wrote to memory of 1776	2856	Unicorn-59392.exe	102
PID 2856 wrote to memory of 1776	2856	Unicorn-59392.exe	102
PID 1484 wrote to memory of 628	1484	Unicorn-42318.exe	103
PID 1484 wrote to memory of 628	1484	Unicorn-42318.exe	103
PID 1484 wrote to memory of 628	1484	Unicorn-42318.exe	103
PID 2004 wrote to memory of 2220	2004	Unicorn-31549.exe	104
PID 2004 wrote to memory of 2220	2004	Unicorn-31549.exe	104
PID 2004 wrote to memory of 2220	2004	Unicorn-31549.exe	104
PID 1624 wrote to memory of 5048	1624	Unicorn-34016.exe	105
PID 1624 wrote to memory of 5048	1624	Unicorn-34016.exe	105
PID 1624 wrote to memory of 5048	1624	Unicorn-34016.exe	105
PID 1532 wrote to memory of 4232	1532	Unicorn-45848.exe	107
PID 1532 wrote to memory of 4232	1532	Unicorn-45848.exe	107
PID 1532 wrote to memory of 4232	1532	Unicorn-45848.exe	107
PID 2552 wrote to memory of 2500	2552	Unicorn-23190.exe	106
PID 2552 wrote to memory of 2500	2552	Unicorn-23190.exe	106
PID 2552 wrote to memory of 2500	2552	Unicorn-23190.exe	106
PID 1076 wrote to memory of 1372	1076	658817c6bb2454b2b31b757d5a213e00N.exe	108
PID 1076 wrote to memory of 1372	1076	658817c6bb2454b2b31b757d5a213e00N.exe	108
PID 1076 wrote to memory of 1372	1076	658817c6bb2454b2b31b757d5a213e00N.exe	108
PID 224 wrote to memory of 2996	224	Unicorn-29232.exe	109
PID 224 wrote to memory of 2996	224	Unicorn-29232.exe	109
PID 224 wrote to memory of 2996	224	Unicorn-29232.exe	109
PID 3668 wrote to memory of 3740	3668	Unicorn-20768.exe	110
PID 3668 wrote to memory of 3740	3668	Unicorn-20768.exe	110
PID 3668 wrote to memory of 3740	3668	Unicorn-20768.exe	110
PID 1776 wrote to memory of 3056	1776	Unicorn-33678.exe	111
PID 1776 wrote to memory of 3056	1776	Unicorn-33678.exe	111
PID 1776 wrote to memory of 3056	1776	Unicorn-33678.exe	111
PID 1372 wrote to memory of 1940	1372	Unicorn-19703.exe	112
PID 1372 wrote to memory of 1940	1372	Unicorn-19703.exe	112
PID 1372 wrote to memory of 1940	1372	Unicorn-19703.exe	112
PID 2856 wrote to memory of 4300	2856	Unicorn-59392.exe	113
PID 2856 wrote to memory of 4300	2856	Unicorn-59392.exe	113
PID 2856 wrote to memory of 4300	2856	Unicorn-59392.exe	113
PID 628 wrote to memory of 1556	628	Unicorn-12703.exe	115
PID 628 wrote to memory of 1556	628	Unicorn-12703.exe	115
PID 628 wrote to memory of 1556	628	Unicorn-12703.exe	115
PID 1076 wrote to memory of 3980	1076	658817c6bb2454b2b31b757d5a213e00N.exe	114

C:\Users\Admin\AppData\Local\Temp\658817c6bb2454b2b31b757d5a213e00N.exe
"C:\Users\Admin\AppData\Local\Temp\658817c6bb2454b2b31b757d5a213e00N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59392.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29232.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
        9⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        10⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        11⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        11⤵
        
        PID:17072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        11⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        10⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26826.exe
        10⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        9⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
        9⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31922.exe
        9⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27921.exe
        8⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        9⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe
        10⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
        9⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44610.exe
        9⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39561.exe
        8⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
        8⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
        8⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8305.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38467.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        9⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40161.exe
        10⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17504.exe
        10⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        9⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26826.exe
        9⤵
        
        PID:15412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
        8⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61393.exe
        8⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63514.exe
        8⤵
        
        PID:16260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
        8⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25618.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        8⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        8⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
        7⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
        7⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24761.exe
        7⤵
        
        PID:17724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        7⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14346.exe
        8⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        9⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
        9⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
        8⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54297.exe
        8⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
        8⤵
        
        PID:17164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe
        8⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34256.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
        8⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51387.exe
        9⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
        9⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37981.exe
        9⤵
        
        PID:18052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        8⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        8⤵
        
        PID:14808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52014.exe
        8⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        7⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52441.exe
        7⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11137.exe
        7⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27356.exe
        7⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
        6⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        8⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        8⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
        7⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
        7⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        7⤵
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41274.exe
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37651.exe
        8⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        8⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe
        7⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
        7⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37720.exe
        6⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52451.exe
        7⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        7⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
        6⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37243.exe
        6⤵
        
        PID:17088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47345.exe
        6⤵
        
        PID:17508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53843.exe
        8⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        9⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25051.exe
        10⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
        10⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        9⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42009.exe
        9⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40905.exe
        8⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
        9⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        9⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        8⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
        8⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11584.exe
        7⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        8⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        8⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        7⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53706.exe
        7⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
        7⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        6⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        7⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65123.exe
        8⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        8⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
        7⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26825.exe
        7⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27432.exe
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exe
        7⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        8⤵
        
        PID:12392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63041.exe
        7⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
        7⤵
        
        PID:17308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        7⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53018.exe
        6⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        7⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54238.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        6⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        7⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38049.exe
        8⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        8⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
        7⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        7⤵
        
        PID:16128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42162.exe
        6⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53795.exe
        7⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59410.exe
        7⤵
        
        PID:16400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        6⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
        6⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
        5⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41969.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
        8⤵
        
        PID:15320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
        8⤵
        
        PID:17544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33144.exe
        7⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        7⤵
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22561.exe
        6⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
        7⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        6⤵
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60257.exe
        6⤵
        
        PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
        5⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
        6⤵
        
        PID:13900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
        5⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16376.exe
        5⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62107.exe
        5⤵
        
        PID:18348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        9⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48595.exe
        10⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20960.exe
        10⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
        10⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        9⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        9⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
        9⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
        8⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
        8⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe
        8⤵
        
        PID:15824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
        8⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11584.exe
        7⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        8⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14713.exe
        8⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22088.exe
        7⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
        7⤵
        
        PID:17484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        8⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27843.exe
        9⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8953.exe
        9⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        8⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        8⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
        7⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        7⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
        7⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49633.exe
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        7⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64075.exe
        8⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15890.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41889.exe
        7⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe
        7⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
        7⤵
        
        PID:18424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18617.exe
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
        7⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        7⤵
        
        PID:16564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
        6⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27857.exe
        6⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22529.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41923.exe
        6⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        8⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe
        8⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        8⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe
        8⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32413.exe
        8⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
        7⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        7⤵
        
        PID:16620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        8⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
        8⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe
        7⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        7⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
        7⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
        6⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12570.exe
        7⤵
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        7⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        6⤵
        
        PID:10716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        6⤵
        
        PID:13812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        5⤵
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65123.exe
        7⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        7⤵
        
        PID:12176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        6⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
        5⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59147.exe
        6⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        7⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        7⤵
        
        PID:17080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        7⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        6⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2744.exe
        5⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52818.exe
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
        5⤵
        
        PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11450.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
        6⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9058.exe
        7⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        8⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        9⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        9⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe
        8⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
        8⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        8⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26619.exe
        8⤵
        
        PID:16336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53810.exe
        7⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        7⤵
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        6⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
        7⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        7⤵
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
        7⤵
        
        PID:16864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
        6⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30754.exe
        6⤵
        
        PID:12368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22905.exe
        6⤵
        
        PID:18336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        6⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
        7⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        7⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        6⤵
        
        PID:14848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54745.exe
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15890.exe
        6⤵
        
        PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12481.exe
        5⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        5⤵
        
        PID:15184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18393.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46339.exe
        5⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33019.exe
        7⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
        7⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48562.exe
        7⤵
        
        PID:17472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        6⤵
        
        PID:16632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
        6⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59882.exe
        6⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        6⤵
        
        PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
        5⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35155.exe
        6⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        5⤵
        
        PID:14700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        5⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        6⤵
        
        PID:9800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        6⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
        5⤵
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
        5⤵
        
        PID:15604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
      4⤵
      PID:7920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53355.exe
      4⤵
      PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2256.exe
      4⤵
      PID:15092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35955.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
        7⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33977.exe
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62307.exe
        8⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
        9⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15890.exe
        9⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        8⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        8⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48497.exe
        7⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
        7⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
        6⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63739.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
        8⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59882.exe
        8⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        8⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        7⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18645.exe
        7⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35409.exe
        6⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 636
        7⤵
        Program crash
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        7⤵
        
        PID:13516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 648
        7⤵
        Program crash
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26786.exe
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        7⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65091.exe
        7⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
        6⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60530.exe
        6⤵
        
        PID:16252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe
        6⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
        7⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        8⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        8⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
        7⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        7⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        6⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        7⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        7⤵
        
        PID:16640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        6⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        6⤵
        
        PID:15368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41657.exe
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        6⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
        6⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45146.exe
        5⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
        6⤵
        
        PID:13652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64650.exe
        5⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        5⤵
        
        PID:18028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42971.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        6⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61923.exe
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        8⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        8⤵
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        7⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        7⤵
        
        PID:14388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26209.exe
        6⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
        7⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
        7⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
        6⤵
        
        PID:10200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe
        6⤵
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        6⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27921.exe
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12146.exe
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60354.exe
        7⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        7⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57266.exe
        6⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        6⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29472.exe
        5⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25568.exe
        6⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42954.exe
        5⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19504.exe
        5⤵
        
        PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-890.exe
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        7⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
        8⤵
        
        PID:16096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
        7⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61033.exe
        7⤵
        
        PID:13864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33993.exe
        6⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        6⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        6⤵
        
        PID:16708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29267.exe
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        7⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        7⤵
        
        PID:17148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        7⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24609.exe
        6⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52014.exe
        6⤵
        
        PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        5⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        5⤵
        
        PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21481.exe
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
        5⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        6⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
        5⤵
        
        PID:11564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        5⤵
        
        PID:16016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15580.exe
        5⤵
        
        PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
      4⤵
      PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
      4⤵
      PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37243.exe
      4⤵
      PID:16984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
      4⤵
      PID:18292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26355.exe
        5⤵
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65123.exe
        7⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        7⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
        6⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        7⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54297.exe
        6⤵
        
        PID:13244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
        6⤵
        
        PID:17140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        6⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20713.exe
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        6⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20960.exe
        6⤵
        
        PID:13624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
        5⤵
        
        PID:9212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39681.exe
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
        5⤵
        
        PID:17812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61641.exe
      4⤵
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        6⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
        7⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
        7⤵
        
        PID:15480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
        7⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57266.exe
        6⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        6⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
        5⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
        6⤵
        
        PID:15296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        6⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        5⤵
        
        PID:15328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41955.exe
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        5⤵
        
        PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65401.exe
      4⤵
      PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
      4⤵
      PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
      4⤵
      PID:16484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7446.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        5⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39043.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        7⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        7⤵
        
        PID:14452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
        6⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14993.exe
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe
        6⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64075.exe
        7⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15890.exe
        7⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        6⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39945.exe
        5⤵
        
        PID:7344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
        5⤵
        
        PID:7300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        5⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27755.exe
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        6⤵
        
        PID:17060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        5⤵
        
        PID:14816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
      4⤵
      PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        5⤵
        
        PID:16944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
      4⤵
      PID:11492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
      4⤵
      PID:16700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10112.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        6⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        6⤵
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24584.exe
        5⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe
        6⤵
        
        PID:18144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        5⤵
        
        PID:10540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        5⤵
        
        PID:14468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
      4⤵
      PID:10012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48425.exe
      4⤵
      PID:13776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
    3⤵
    PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52411.exe
      4⤵
      PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62186.exe
        5⤵
        
        PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
      4⤵
      PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
      4⤵
      PID:15428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
      4⤵
      PID:18328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49979.exe
    3⤵
    PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36131.exe
      4⤵
      PID:16404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48352.exe
    3⤵
    PID:10496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
    3⤵
    PID:15136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        7⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        9⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60930.exe
        9⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
        9⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
        8⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
        9⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        9⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39602.exe
        8⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6977.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        8⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        8⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        7⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe
        7⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25899.exe
        7⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26825.exe
        7⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
        6⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        7⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
        7⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26813.exe
        6⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        5⤵
        Executes dropped EXE
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
        7⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44610.exe
        7⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42161.exe
        6⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe
        7⤵
        
        PID:14028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        6⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2928.exe
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11674.exe
        6⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        6⤵
        
        PID:15224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53018.exe
        5⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52970.exe
        6⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe
        5⤵
        
        PID:12984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15202.exe
        6⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        8⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40635.exe
        9⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        8⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3385.exe
        8⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
        7⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15362.exe
        8⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4224.exe
        7⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        7⤵
        
        PID:16024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2264.exe
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        7⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44977.exe
        7⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        6⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        6⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        5⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34259.exe
        6⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15554.exe
        7⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31713.exe
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
        6⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
        6⤵
        
        PID:17440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        5⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28730.exe
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        5⤵
        
        PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        7⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        7⤵
        
        PID:17036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
        7⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
        6⤵
        
        PID:14396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8721.exe
        5⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        6⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15890.exe
        6⤵
        
        PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
        5⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15580.exe
        5⤵
        
        PID:11236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1498.exe
        5⤵
        
        PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30089.exe
        5⤵
        
        PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
      4⤵
      PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
      4⤵
      PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59348.exe
      4⤵
      PID:7676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37683.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60859.exe
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        8⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
        8⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        7⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        7⤵
        
        PID:15212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
        6⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52279.exe
        7⤵
        
        PID:18064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        6⤵
        
        PID:13348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        6⤵
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13973.exe
        6⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60930.exe
        6⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        6⤵
        
        PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe
        5⤵
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12881.exe
        5⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        5⤵
        
        PID:16332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
        7⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        7⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36914.exe
        6⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
        5⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        5⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11361.exe
        5⤵
        
        PID:15980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        5⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        5⤵
        
        PID:14220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54457.exe
      4⤵
      PID:8360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
      4⤵
      PID:12324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
      4⤵
      PID:17420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36931.exe
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
        6⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36131.exe
        7⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54857.exe
        6⤵
        
        PID:10792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe
        6⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14812.exe
        6⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
        5⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57163.exe
        6⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61393.exe
        5⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63514.exe
        5⤵
        
        PID:16008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        5⤵
        
        PID:7308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2457.exe
      4⤵
      PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        6⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        6⤵
        
        PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        5⤵
        
        PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        5⤵
        
        PID:14840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
      4⤵
      PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30218.exe
        5⤵
        
        PID:8440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45145.exe
      4⤵
      PID:11936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
      4⤵
      PID:15364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
        5⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
        6⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
        6⤵
        
        PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        5⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        5⤵
        
        PID:15256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
        5⤵
        
        PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
      4⤵
      PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12113.exe
      4⤵
      PID:13080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
      4⤵
      PID:17188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
      4⤵
      PID:7280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
    3⤵
    PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
      4⤵
      PID:8416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
      4⤵
      PID:12868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
    3⤵
    PID:9148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
    3⤵
    PID:12924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32773.exe
    3⤵
    PID:17496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31549.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31549.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62187.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        8⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
        8⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46490.exe
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
        7⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17937.exe
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        7⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        7⤵
        
        PID:14384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        6⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28203.exe
        6⤵
        
        PID:15684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59348.exe
        6⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3210.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        7⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        7⤵
        
        PID:16996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
        6⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28746.exe
        6⤵
        
        PID:15492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
        5⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        6⤵
        
        PID:14012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10322.exe
        6⤵
        
        PID:18016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        5⤵
        
        PID:10576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        5⤵
        
        PID:15172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52027.exe
        6⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        7⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        6⤵
        
        PID:14476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43659.exe
        6⤵
        
        PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32841.exe
        5⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64755.exe
        6⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
        5⤵
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
        5⤵
        
        PID:15148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50593.exe
      4⤵
      PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4850.exe
        5⤵
        
        PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31713.exe
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        5⤵
        
        PID:13632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
      4⤵
      PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
      4⤵
      PID:13260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
      4⤵
      PID:17116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19443.exe
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        7⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14712.exe
        7⤵
        
        PID:15564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26826.exe
        6⤵
        
        PID:15444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
        5⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12113.exe
        5⤵
        
        PID:12988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        5⤵
        
        PID:17096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
        5⤵
        
        PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
      4⤵
      PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17075.exe
        5⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        5⤵
        
        PID:14496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe
      4⤵
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1553.exe
        5⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
        5⤵
        
        PID:8372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44210.exe
      4⤵
      PID:11364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
      4⤵
      PID:17384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
      4⤵
      PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37907.exe
        5⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
        6⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13176.exe
        5⤵
        
        PID:14424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52014.exe
        5⤵
        
        PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18617.exe
      4⤵
      PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53987.exe
        5⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        5⤵
        
        PID:8600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54297.exe
      4⤵
      PID:13276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
      4⤵
      PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
      4⤵
      PID:6856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
    3⤵
    PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
      4⤵
      PID:10184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
      4⤵
      PID:15452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8224.exe
    3⤵
    PID:9168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
    3⤵
    PID:13284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19703.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19703.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42395.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9442.exe
        5⤵
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        8⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        8⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        7⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        7⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
        6⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        7⤵
        
        PID:13924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
        6⤵
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1361.exe
        6⤵
        
        PID:13820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14812.exe
        6⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35897.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        6⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        7⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        7⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        7⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
        6⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2512.exe
        6⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23032.exe
        5⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57163.exe
        6⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10322.exe
        6⤵
        
        PID:18036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28730.exe
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
        5⤵
        
        PID:16588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30801.exe
      4⤵
      PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38467.exe
        5⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12217.exe
        7⤵
        
        PID:14052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
        6⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
        7⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49819.exe
        6⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        6⤵
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32907.exe
        6⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48425.exe
        5⤵
        
        PID:13792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        5⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        5⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        5⤵
        
        PID:8660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
      4⤵
      PID:8572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
      4⤵
      PID:11436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59639.exe
      4⤵
      PID:17520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
      4⤵
      PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53843.exe
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        6⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        7⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        7⤵
        
        PID:17132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
        7⤵
        
        PID:8488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
        6⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26826.exe
        6⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        5⤵
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14208.exe
        5⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33458.exe
        5⤵
        
        PID:14404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        5⤵
        
        PID:15308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
      4⤵
      PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62155.exe
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
        5⤵
        
        PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13920.exe
      4⤵
      PID:12344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
      4⤵
      PID:17532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
    3⤵
    PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47858.exe
        5⤵
        
        PID:11496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
        5⤵
        
        PID:16048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
      4⤵
      PID:8168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
      4⤵
      PID:14708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
    3⤵
    PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
      4⤵
      PID:9476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
      4⤵
      PID:14096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
    3⤵
    PID:9548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4840.exe
    3⤵
    PID:14636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11450.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        6⤵
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
        5⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
        6⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        5⤵
        
        PID:11504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
        5⤵
        
        PID:7264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
      4⤵
      PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41955.exe
        5⤵
        
        PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        5⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
        5⤵
        
        PID:8516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2768.exe
      4⤵
      PID:9252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
      4⤵
      PID:13480
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 652
    3⤵
    - Program crash
    PID:6124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
    3⤵
    PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
      4⤵
      PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
        5⤵
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17.exe
        5⤵
        
        PID:16148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
      4⤵
      PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
      4⤵
      PID:15248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
    3⤵
    PID:7800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
      4⤵
      PID:12784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
      4⤵
      PID:16720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12113.exe
    3⤵
    PID:12976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
    3⤵
    PID:17180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
    3⤵
    PID:8972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
  2⤵
  PID:5260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
    3⤵
    PID:9232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
    3⤵
    PID:13460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17612.exe
    3⤵
    PID:5536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
  2⤵
  PID:8796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
  2⤵
  PID:13204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
  2⤵
  PID:15596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50846.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50846.exe
  2⤵
  PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3980 -ip 3980
1⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6276 -ip 6276
1⤵
PID:7668

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 6276 -ip 6276
1⤵
PID:6444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe

Filesize
468KB

MD5
b55baccb64ad27ad71b02a9b924c4645

SHA1
4eed4cf066c391af0246700480c2ab77e85a8648

SHA256
16ef1f6319e5e901cbbefca4522080b22cd27ce4939b68589b40a6a7a06af494

SHA512
9f41765248ed3508a986649d031f6dbaf4a4a8f1130094c64a38552cdf98e0cdd1e1d58716470b17fcc84c83b7a6bed62934c97fce0fa8bae2a57ca082dce4c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe

Filesize
468KB

MD5
53faac0e43558bb361168d560d4a5977

SHA1
2bc649dff2f9e6ca86e20f06c3614c0b8b838122

SHA256
9e258485bd447affb44c727ec69bf3c900fcc18f0152a5f70a27325f53e861d7

SHA512
f6d6de95c2a63e9541c56aaaa8168aaf78f75d464682352f77a38f662ba4a85b1193c10cb5a97bb8b7971c938c027726138402d78751991165b3bda206135548

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe

Filesize
468KB

MD5
9a0b4b62452317ceacf536336edd5b8a

SHA1
a0a7f5d532b3b58629c25dae9af3f2bbfcae8bfb

SHA256
ad91ddcf46f42df33d5ed3d115a6cf4846aaf3698be934d13ae4b0052791a719

SHA512
ca371f97a649e0b092dc76ac984bde1e91589f4ae17346f51badc91ce698e92fa7cae56d2c89ae182b3f7f1b8f08be0d6f29870bec6a5d39d695819d1a4119e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19703.exe

Filesize
468KB

MD5
6818ef34ec5e718665afc7a1aec1896a

SHA1
4acec3c2f32b17dca347a6b95bb3068877afe5d4

SHA256
0eb1fcd026ebe2756771db4a43b8cda25c07e0e3844fd56264bc74fdb6c3f863

SHA512
d41e7d2dc2a7e540bcdce2c9c6e9c76e9590cf2f8adbbca863958b781e7824ee1e3f081bf77914ef316aed9adca9ade4e9822ec76caf04df543aa9f4ee32e15b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe

Filesize
468KB

MD5
8bf05f0571c606b57117aa8ca3b0391e

SHA1
5447f9dbfae0a34badecf04593c8d34a07b13ecb

SHA256
71431c39aa8e8bcf4ade1d9e1e14a619dbf0b1b62487aed9749d94d0d5eaf080

SHA512
32108a703f988ae04af428c0eadaaa12abd1277f92a8cfcfb91207559f627094e302baebd8997464086ea89034cd4ef36e148a3925b631f28732f7c418f00e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe

Filesize
468KB

MD5
929e8c7b13ed7da426ec680560cc39e8

SHA1
eae785619bf2987a6ba3657f313abe0e025d76bb

SHA256
462afcf927244f907757c0c14d4bd7cf984429c8aa9e6653f598ed5197ac3e53

SHA512
fcaf3f581b62c5e9fb9796ea1883efaa74d331fb24087c7d4d4ae41b95f338a11bcb44f81b9f6a0e508a1881cfb817ea48ed18a133502071eed14d1ddc9de911

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe

Filesize
468KB

MD5
90470ebb7a4288d8bdedb19533efc1f1

SHA1
266b6f3909d325f29ca30b1ea2f98132459e5490

SHA256
c34d4bcf5e6f7fdc2353ff342a7529239ec11146b23a635dade198c5bc1315e0

SHA512
ab573fc7c0c6c4172f862244e0e9ce7b1b36384f6a148abcf2e550d1dd704ccf3bbdd217414b8bf44f9313260b6dac543c2bb64067af9a4c664b2d33c9db0ba0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe

Filesize
468KB

MD5
cb608d25a136848cc0ff7aeaba1b896f

SHA1
d4f5d3d67fa1666a22ee4e282bc8c976907d70fb

SHA256
128ecd43fc60912f9af1379dd515c68fb2eabed0a588292da7fdc91ad5707e7a

SHA512
1a0cde7484c8c59e20bb4c017bca139ea59a5128ea310c7af34de58d018b657d4a758254dd747ed94b14ef75365ab6548ff2b6b8649801104a1dd44bc4eb422c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe

Filesize
468KB

MD5
0f2210aa96d5e6adfe4a85952afbbe4d

SHA1
0c7e71b186d779518282e05c4cb48762a543571c

SHA256
6178474e6d3f37bfe08f380dd1f80e36ad26ef1d4996139c0ad4ab3b351b8cae

SHA512
913aeb9b94c7fed436e2e811b4e927d8f233efecb4e3750433a681d5b13d2a29f65bfef83a523e970bc93feacdea768abc29033dae90da145cdb321af9d00a8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29232.exe

Filesize
468KB

MD5
a1aef9ca90ca9b4da9f7cfef353dc7d5

SHA1
7aa796ff785728143d48701ccd5f3919f4e99246

SHA256
c061611d26c24ef0e32e1396e6b819c71b5e4c486c8ca73cd1ed9e76c76b2be0

SHA512
f79af1b209e336e07e7cd69d2c0ab6f74cdbd0a7768638b3d6d0486d36012e639acc447f44cbb11536c6f0b2a56796f4ac7cb10cec38f44eb9f952a91f343335

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exe

Filesize
468KB

MD5
424cb5d29e5e2dcbf0196fade9073124

SHA1
c9cb7e84177912cf5997e57ce52c1ce7257bc6f4

SHA256
02760e10435d6a98eefd8b5df615afcd7966f04c210d252a40dfb5bcb6a42039

SHA512
c8b249d1effe1817ff6c3725f50fa90208077246e64b85b5f9282426ee63dc02764413de7c8f0af8b84743a3ac55f98c7cf88d31fa9cda0d90d313f24add6271

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31549.exe

Filesize
468KB

MD5
bc3ff3b31883dba34a4fe62749e741a1

SHA1
9bd2d03abb4ed4795ae8f46588c050adf8fc65cf

SHA256
87634d9e16bf508cde0dbd552175d9ac01322ab4b70f2dd7a30763d90303969e

SHA512
24fdfab586563a8cefc89238d4338d9f2c8babe6b8c487dd4de29df4e543441301e1e75aa731050395a052fffa31b522be85572394423a68eecf17b306efbe5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe

Filesize
468KB

MD5
eefa268bc3f244c2aa1798d657db2b0f

SHA1
dec7d7d662fce4c46e51ebfff5bfad8d0ceb7a6a

SHA256
b4a51d94cc10c59e1ed66abf1633ef21d0244c16891871fbf0bf85a2134ef983

SHA512
3fc987831a3f8add1d8966a10c32209192780f723d30e67a294ba9b70c33943422f2479cc6167074b757a2b7f597c2f0cf31ee44dfa3a876332a9efbd14c248b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe

Filesize
468KB

MD5
6f1e080a63d29a54628166a9ccd1acbb

SHA1
49c6c71553f015f15f9a473d9421f7475062ccbf

SHA256
630734b387bce812b6ebf516f2b58cefcf92a2fbc58824ad0894696eb7f96ac3

SHA512
1c9327638a30a11eda8bf9fc68ae23043a7c4362dba038e545585e0e91da3e48da769c134c8edacdd319fef834f6500b596eacdec9e1dcb3e45ed099d55d4015

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe

Filesize
468KB

MD5
26c389ce334ead7c119e9dd102782bdc

SHA1
59b144a797dfc5fe012b199c3f11827471074487

SHA256
524baf1f4c746f2f328b6ffef6ef34c6e30ae01a4b19cb6702a7071190b80ee4

SHA512
05094dd3677be73db3e9d7d221da44bdd5c8900530199f5b32c8708c5b6ee23c9deaae856390bd59ba19adddd69fc39921accfbc2216fbf21173977f95e5beaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe

Filesize
468KB

MD5
544d25f1d4df0966306e16273fbde807

SHA1
0ff49becfc86e6ac665924599599b965f5bb508c

SHA256
96320e28f56e94f798d0faef5d295d5add745ddbf6f18b23fea479dd39f085eb

SHA512
14b03413a6e2102a319a08886edab34b1901b6605fa1095666c002c35836376a1546e1101a03f6d1cac01841b9b442b9b1886d4cd7c2e656dbdfd03a67ed6eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe

Filesize
468KB

MD5
4ac771600755280f2212bb2f883552b0

SHA1
f9a33709608a4bb3607754c9855bd2f806ab05e4

SHA256
d22771226fe3f23bc58f403f51746503982a56b278c9e4493107114f67df67bd

SHA512
576b3eeaecd1df4db554110502bbc33da74ccd7d250a9445f6dcf438becae4c864750649da73bd7ecc72fdc2a06b69d5529aceecc42842984bf70211326481c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe

Filesize
468KB

MD5
d90a330399025cf3eaa8366a09280227

SHA1
531eac4be4daa2ebeea09e6a92031ac0c4b7bdbf

SHA256
03b4cdd85dac0a25d252c52784af6c3aa4f086809153ad6b558d96c6dc156e57

SHA512
89391711baa0578686b8d77f37bf2cb29fbc14404ca2779592adedf89302cb12f9929cfe1bf04fcdcc247e5505f949300b78ede2721feab1ebc8af2145dce488

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe

Filesize
468KB

MD5
bccf8b035c517ced33da734ffd466345

SHA1
c32af2646367c0f7854bcadb02ba3c8bedac0ce1

SHA256
ab867cc996d0f19513fcc94704b5bd8be7543942c9730c3271ef819e26cadf30

SHA512
259898b3147f86298cf96beca811969ca0d90ac5a3ecd2f40af3aa8e7f1cbf78b756e8deaacd3e7097e3838dec97b941d4ec11291695d6ab735f3cdf73a7457d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe

Filesize
468KB

MD5
6be32c59a17bff7cd60b2b2bcc5ac78f

SHA1
b4bcf7688a45ee34276547c58a6584198427f1c8

SHA256
9e6dab2f773389c9af68806fde455f2c60a10941e75183f4cce673f07d10ffa8

SHA512
ad4b01d4c14b3eedec4921a06461261453a11665aa0cab597b5fdec140bd43e4c6e271fb6e015452067d9409b9d1e32ea79aa7c6d979e26dc6bb1928bfd6d083

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe

Filesize
468KB

MD5
d5e6732d6f31790a28a7f3908e27050b

SHA1
1151603911f0d25d916216560a2ca3f352ae4e90

SHA256
26802a3658096627e0458ce759c2403bfc17dd5e656652303180619cb77fe055

SHA512
0aa7c826e89c919958ce4ac0a9f36e16042c6a4535ba64e1041e105490b2f83eec85f82bb7d0b0d64d232716660c31efbeb1c602f731e5d55e1fcb9e949e9176

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe

Filesize
468KB

MD5
3d636572b95c00e90895e7ad29470251

SHA1
705c4097ee36015c6e1438248765edd83f293ecd

SHA256
576817cbb8c10f05ab6b5bdd6352a531edd25da807101c9c375a8068422a0d14

SHA512
40b48291cd9e843134eb11d392b4767699773e6e268784caf6e33976f3b7046dcfea5b0104a139c48a20dda247d83f5d86cab7dc7a6ee3989daf85c80672d8d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe

Filesize
468KB

MD5
893b887af16a93a67eb1c310c5fe81a5

SHA1
b1a51430f0cc6eb38090f4ef1e7a794cf84a4e3b

SHA256
18b3dff50549f952bc7f8d50264e4faf8672f4709169b66ff2709b95dab192a2

SHA512
1457813c3a943caebb78f699d38f8da050d3ef5cd5782e2b36cdce34eb2db90023173c6a703d5cb7e74a5940dc0227f1bae2d03854816bad96acecf903a4ce3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe

Filesize
468KB

MD5
0811042f91ed8b8ada793e77dc83c00b

SHA1
c43300bb989acfbba89e8f8b2fbac3eac3681051

SHA256
937b226ec51d7cace1d9aa38cd7eb61ec6dc524bad503396680b0d3e8ea7b25e

SHA512
3802f9187f4f82033fcce2228a0ae6cf066e71d3a921b346e9abec8b9ac1387847ddb124db272548539aa60ae675c4a311511be23e053675ef43a5fffa4f380c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe

Filesize
468KB

MD5
8a93a16789aa497fd45da34659221ff3

SHA1
86eaab05886de96b1251a0cb600991111bffabac

SHA256
d557e9ed69c353a2b67d26e65dd61efd3ddc85f6b7f2f70fe01d127c9a1264f8

SHA512
ed82e79a6e3208b68641784f7d5db6cbdd9206b0c57fe338890c542a64ea4b52c57f1dd7c0b16c747c7860c0d4346d536c606846071b76e7b94ee6c856929a40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54238.exe

Filesize
468KB

MD5
7cf885922049eca151a96f9de4c4bd40

SHA1
b50291bfd8f9ca6a3b105b7b412eb9f5e4d02234

SHA256
5e3ec79cc45354a5f946658bc106ed666016b0b7d2fb3fc5cc0ec511812624f5

SHA512
52e5552fdf06f17910e615d9c860895d4d51c725b62075e82489cd271875a7fe6c8e14975226494758fad1b72aa6ef644910bc2411469c61bc3bf52d67d9a957

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe

Filesize
468KB

MD5
1532a495c69864161e6801ed5a131cd0

SHA1
b97bd9c7d0cb477232b960a5cd377a8d3e17f957

SHA256
9ed9fe8beaa201e92350703a1ae3d71391022ca7896b00610f66807fc6f8947c

SHA512
af96eb143099bdd44ea877feb490759ad69d0238bb9b65b0de17e565be1bafee27825746e7f923f3db262091645c80249e483c996735ce6d27b9803b91b7c74b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe

Filesize
468KB

MD5
48124f65e4b5b22728a3d708ed4ef40d

SHA1
85364506b9c0682361b001f2d9f74043db5d8cae

SHA256
1e5b57b76fed4c2772e67fe9ff245f88d810bb8751182c7629dbc5d49eb077b4

SHA512
e6e8e9e88d1fc8cd6c34f2d8359d68dae4e88e7b8abbfd8d81e805888afd1570a197fcb2d094268a9ddf1699e5e60572515f9089f7f0f004735fc6a1c5e8ff1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59392.exe

Filesize
468KB

MD5
012beb3d6bbf6f0b5ec5fd15d9519a0c

SHA1
8189b618a6cee4c3723a142b11079a8563a2ad83

SHA256
a2176e0d21ce1ffaba8bdbf55a36dbb9ccb949f7d4a60d4d16108814e54529ed

SHA512
b29440358baccf63b81b8a064a9ce49d776261a65d6b7a957a9844aea24807db06cf3e14e9eb8954912f82c6f00dbe8537de5de882ac44f41b559e97f621ba09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe

Filesize
468KB

MD5
f81a662358b7ed9867deef93edb6fb16

SHA1
3e7e187d9994c977a3507c4af215268c99aaf61f

SHA256
ad35345f490f2df36baae7e6dc2c290e6a690bd512f536f0e26838b768949404

SHA512
eab9467d90a22267945ae3def3d6ccece0e1ffde058578c275177eb5007832837784601a5af89d76d13d19f74e6d6fd130a9feced12363b0d3cf5ae499db800e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe

Filesize
468KB

MD5
0c3f0c0913b34e40c5448fc1d1db490f

SHA1
a6d7f70387d0bfdd2e8289012625c001910883c9

SHA256
5e6be4bd8bdec6c9d849b24cfb354a24f39a5d8f125974f27bc5cb3538ecefae

SHA512
ba859f86638772272db01122a5a260f22c8df67789c0ab3c177870d6bd7cb97c80e8c3302918f99617a6e7822e9c4098df3d007e5def1bce32b9e8c77d62d998

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7446.exe

Filesize
468KB

MD5
595696f3d1081f65eb624c915c632f5a

SHA1
db399225a49def706d51ed85453a1f81ff89080c

SHA256
ef18334834e99e9a583aa1b0d3e9d6f03b6e917c2a262f843ee1bb6387e4282a

SHA512
7164ec8ed896af85da2fc488be5c36dbd6881a9a7de8dd43e63393cb8292528328133e7ecff05e1fde944a17eb4d3479c70efad2bd96dca785075772b80b24ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe

Filesize
468KB

MD5
e6ae965a6d1e5d038dd341fa5d446d5c

SHA1
a7a36dc238dc6ef3c4872a38b516b922c671d0b2

SHA256
2d1f534cca6ea8b73c947c8a8af12b71f649e0f3c8739fc9fa992fc5b484f6d4

SHA512
c1a8b50c90d9a3d719d562dd54e721acf6f729ae28acbb4e23eb87425384bfc842934110b3ca46570d11690eb8bffee0d350395c7608a376ce78105bda69d281

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads