4b80f3b63fc3099771c76418a6681d4c6584140fc7dcdd2663d032f85c54176a

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7757540622777256970b8f2f9f258c50_NEAS.exe
Size

184KB
MD5

7757540622777256970b8f2f9f258c50
SHA1

5b1652a5177a82ba74a71b5116017651e74f61df
SHA256

4b80f3b63fc3099771c76418a6681d4c6584140fc7dcdd2663d032f85c54176a
SHA512

9af788eb900c4f0db539c665727dcc38e0266309116bf136757b383cbc46b841c7924361ec50347db2592acaf4f69acbc7b4ae5779fa1d9b31a409b39d796808
SSDEEP

3072:Izh/+MoWpBu+3dewTCwJzfaS3lvVqnviug:Izjo4tewhzCS3ldqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3116	Unicorn-35144.exe
2672	Unicorn-51872.exe
3396	Unicorn-47383.exe
3676	Unicorn-18344.exe
2056	Unicorn-18344.exe
3380	Unicorn-28741.exe
1804	Unicorn-15006.exe
4044	Unicorn-62360.exe
3748	Unicorn-58831.exe
4104	Unicorn-29688.exe
2064	Unicorn-29688.exe
4776	Unicorn-34134.exe
3464	Unicorn-47870.exe
3720	Unicorn-53735.exe
232	Unicorn-22598.exe
4328	Unicorn-26512.exe
2984	Unicorn-39126.exe
2752	Unicorn-663.exe
2384	Unicorn-25360.exe
4576	Unicorn-43734.exe
4876	Unicorn-29998.exe
5048	Unicorn-42080.exe
1900	Unicorn-58224.exe
3556	Unicorn-855.exe
3508	Unicorn-8758.exe
1656	Unicorn-38358.exe
4592	Unicorn-16621.exe
4508	Unicorn-19421.exe
4488	Unicorn-34592.exe
1012	Unicorn-36630.exe
5092	Unicorn-26808.exe
3912	Unicorn-23278.exe
3284	Unicorn-9319.exe
3984	Unicorn-44030.exe
5040	Unicorn-42568.exe
768	Unicorn-42376.exe
1820	Unicorn-19984.exe
4892	Unicorn-65463.exe
4540	Unicorn-11166.exe
5112	Unicorn-29997.exe
924	Unicorn-61208.exe
4144	Unicorn-57679.exe
2496	Unicorn-51696.exe
3092	Unicorn-2495.exe
4256	Unicorn-10663.exe
4984	Unicorn-27192.exe
3476	Unicorn-7326.exe
4580	Unicorn-43263.exe
648	Unicorn-43342.exe
2436	Unicorn-27192.exe
3688	Unicorn-26806.exe
3416	Unicorn-37398.exe
1032	Unicorn-56911.exe
5084	Unicorn-59968.exe
672	Unicorn-59968.exe
5020	Unicorn-10694.exe
4024	Unicorn-56631.exe
3496	Unicorn-43056.exe
4112	Unicorn-39526.exe
4948	Unicorn-10383.exe
1400	Unicorn-20589.exe
3776	Unicorn-42864.exe
2396	Unicorn-47503.exe
4168	Unicorn-34696.exe

Program crash 13 IoCs

pid	pid_target	Process	procid_target
3900	4776	WerFault.exe	107
6908	6236	WerFault.exe	238
10284	8000	WerFault.exe	347
15256	12724	WerFault.exe	599
16044	15868	WerFault.exe	746
1368	9152	WerFault.exe	407
18896	15552	WerFault.exe	773
18884	16084	WerFault.exe	788
19204	16460	WerFault.exe	816
20380	6068	Process not Found	1078
15508	9012	Process not Found	1164
15492	8832	Process not Found	400
19788	12284	Process not Found	591

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5816	dwm.exe
Token: SeChangeNotifyPrivilege	5816	dwm.exe
Token: 33	5816	dwm.exe
Token: SeIncBasePriorityPrivilege	5816	dwm.exe
Token: SeCreateGlobalPrivilege	20252	Process not Found
Token: SeChangeNotifyPrivilege	20252	Process not Found
Token: 33	20252	Process not Found
Token: SeIncBasePriorityPrivilege	20252	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1940	7757540622777256970b8f2f9f258c50_NEAS.exe
3116	Unicorn-35144.exe
2672	Unicorn-51872.exe
3396	Unicorn-47383.exe
2056	Unicorn-18344.exe
3676	Unicorn-18344.exe
3380	Unicorn-28741.exe
1804	Unicorn-15006.exe
4044	Unicorn-62360.exe
3748	Unicorn-58831.exe
4104	Unicorn-29688.exe
4776	Unicorn-34134.exe
2064	Unicorn-29688.exe
3464	Unicorn-47870.exe
3720	Unicorn-53735.exe
232	Unicorn-22598.exe
4328	Unicorn-26512.exe
2984	Unicorn-39126.exe
2752	Unicorn-663.exe
2384	Unicorn-25360.exe
4576	Unicorn-43734.exe
4876	Unicorn-29998.exe
5048	Unicorn-42080.exe
3556	Unicorn-855.exe
4592	Unicorn-16621.exe
4508	Unicorn-19421.exe
1656	Unicorn-38358.exe
1900	Unicorn-58224.exe
3508	Unicorn-8758.exe
4488	Unicorn-34592.exe
1012	Unicorn-36630.exe
5092	Unicorn-26808.exe
3912	Unicorn-23278.exe
3284	Unicorn-9319.exe
3984	Unicorn-44030.exe
5040	Unicorn-42568.exe
768	Unicorn-42376.exe
1820	Unicorn-19984.exe
4892	Unicorn-65463.exe
4540	Unicorn-11166.exe
5112	Unicorn-29997.exe
4144	Unicorn-57679.exe
924	Unicorn-61208.exe
2496	Unicorn-51696.exe
3092	Unicorn-2495.exe
4984	Unicorn-27192.exe
2436	Unicorn-27192.exe
4256	Unicorn-10663.exe
4580	Unicorn-43263.exe
3476	Unicorn-7326.exe
3688	Unicorn-26806.exe
3416	Unicorn-37398.exe
648	Unicorn-43342.exe
1032	Unicorn-56911.exe
5084	Unicorn-59968.exe
672	Unicorn-59968.exe
5020	Unicorn-10694.exe
4024	Unicorn-56631.exe
3496	Unicorn-43056.exe
4948	Unicorn-10383.exe
4112	Unicorn-39526.exe
1400	Unicorn-20589.exe
3776	Unicorn-42864.exe
2396	Unicorn-47503.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 3116	1940	7757540622777256970b8f2f9f258c50_NEAS.exe	93
PID 1940 wrote to memory of 3116	1940	7757540622777256970b8f2f9f258c50_NEAS.exe	93
PID 1940 wrote to memory of 3116	1940	7757540622777256970b8f2f9f258c50_NEAS.exe	93
PID 3116 wrote to memory of 2672	3116	Unicorn-35144.exe	95
PID 3116 wrote to memory of 2672	3116	Unicorn-35144.exe	95
PID 3116 wrote to memory of 2672	3116	Unicorn-35144.exe	95
PID 1940 wrote to memory of 3396	1940	7757540622777256970b8f2f9f258c50_NEAS.exe	96
PID 1940 wrote to memory of 3396	1940	7757540622777256970b8f2f9f258c50_NEAS.exe	96
PID 1940 wrote to memory of 3396	1940	7757540622777256970b8f2f9f258c50_NEAS.exe	96
PID 2672 wrote to memory of 2056	2672	Unicorn-51872.exe	98
PID 2672 wrote to memory of 2056	2672	Unicorn-51872.exe	98
PID 2672 wrote to memory of 2056	2672	Unicorn-51872.exe	98
PID 3396 wrote to memory of 3676	3396	Unicorn-47383.exe	99
PID 3396 wrote to memory of 3676	3396	Unicorn-47383.exe	99
PID 3396 wrote to memory of 3676	3396	Unicorn-47383.exe	99
PID 1940 wrote to memory of 3380	1940	7757540622777256970b8f2f9f258c50_NEAS.exe	101
PID 1940 wrote to memory of 3380	1940	7757540622777256970b8f2f9f258c50_NEAS.exe	101
PID 1940 wrote to memory of 3380	1940	7757540622777256970b8f2f9f258c50_NEAS.exe	101
PID 3116 wrote to memory of 1804	3116	Unicorn-35144.exe	100
PID 3116 wrote to memory of 1804	3116	Unicorn-35144.exe	100
PID 3116 wrote to memory of 1804	3116	Unicorn-35144.exe	100
PID 2056 wrote to memory of 4044	2056	Unicorn-18344.exe	103
PID 2056 wrote to memory of 4044	2056	Unicorn-18344.exe	103
PID 2056 wrote to memory of 4044	2056	Unicorn-18344.exe	103
PID 2672 wrote to memory of 3748	2672	Unicorn-51872.exe	104
PID 2672 wrote to memory of 3748	2672	Unicorn-51872.exe	104
PID 2672 wrote to memory of 3748	2672	Unicorn-51872.exe	104
PID 1804 wrote to memory of 4104	1804	Unicorn-15006.exe	105
PID 1804 wrote to memory of 4104	1804	Unicorn-15006.exe	105
PID 1804 wrote to memory of 4104	1804	Unicorn-15006.exe	105
PID 3676 wrote to memory of 2064	3676	Unicorn-18344.exe	106
PID 3676 wrote to memory of 2064	3676	Unicorn-18344.exe	106
PID 3676 wrote to memory of 2064	3676	Unicorn-18344.exe	106
PID 3396 wrote to memory of 4776	3396	Unicorn-47383.exe	107
PID 3396 wrote to memory of 4776	3396	Unicorn-47383.exe	107
PID 3396 wrote to memory of 4776	3396	Unicorn-47383.exe	107
PID 3116 wrote to memory of 3464	3116	Unicorn-35144.exe	108
PID 3116 wrote to memory of 3464	3116	Unicorn-35144.exe	108
PID 3116 wrote to memory of 3464	3116	Unicorn-35144.exe	108
PID 1940 wrote to memory of 3720	1940	7757540622777256970b8f2f9f258c50_NEAS.exe	109
PID 1940 wrote to memory of 3720	1940	7757540622777256970b8f2f9f258c50_NEAS.exe	109
PID 1940 wrote to memory of 3720	1940	7757540622777256970b8f2f9f258c50_NEAS.exe	109
PID 3380 wrote to memory of 232	3380	Unicorn-28741.exe	110
PID 3380 wrote to memory of 232	3380	Unicorn-28741.exe	110
PID 3380 wrote to memory of 232	3380	Unicorn-28741.exe	110
PID 4044 wrote to memory of 4328	4044	Unicorn-62360.exe	111
PID 4044 wrote to memory of 4328	4044	Unicorn-62360.exe	111
PID 4044 wrote to memory of 4328	4044	Unicorn-62360.exe	111
PID 2056 wrote to memory of 2984	2056	Unicorn-18344.exe	112
PID 2056 wrote to memory of 2984	2056	Unicorn-18344.exe	112
PID 2056 wrote to memory of 2984	2056	Unicorn-18344.exe	112
PID 3748 wrote to memory of 2752	3748	Unicorn-58831.exe	113
PID 3748 wrote to memory of 2752	3748	Unicorn-58831.exe	113
PID 3748 wrote to memory of 2752	3748	Unicorn-58831.exe	113
PID 4104 wrote to memory of 2384	4104	Unicorn-29688.exe	114
PID 4104 wrote to memory of 2384	4104	Unicorn-29688.exe	114
PID 4104 wrote to memory of 2384	4104	Unicorn-29688.exe	114
PID 2672 wrote to memory of 4576	2672	Unicorn-51872.exe	115
PID 2672 wrote to memory of 4576	2672	Unicorn-51872.exe	115
PID 2672 wrote to memory of 4576	2672	Unicorn-51872.exe	115
PID 1804 wrote to memory of 4876	1804	Unicorn-15006.exe	116
PID 1804 wrote to memory of 4876	1804	Unicorn-15006.exe	116
PID 1804 wrote to memory of 4876	1804	Unicorn-15006.exe	116
PID 2064 wrote to memory of 5048	2064	Unicorn-29688.exe	117

C:\Users\Admin\AppData\Local\Temp\7757540622777256970b8f2f9f258c50_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\7757540622777256970b8f2f9f258c50_NEAS.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35144.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35144.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18344.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        9⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        10⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        11⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
        11⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        11⤵
        
        PID:17804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
        10⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4776.exe
        10⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
        10⤵
        
        PID:18276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47694.exe
        10⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22910.exe
        9⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50889.exe
        10⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
        10⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        10⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        10⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62897.exe
        9⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        9⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51393.exe
        9⤵
        
        PID:19132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25790.exe
        8⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        9⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe
        10⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32031.exe
        10⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        9⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
        9⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50354.exe
        9⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        9⤵
        
        PID:18304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28070.exe
        9⤵
        
        PID:18684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        8⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        8⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        8⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
        8⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
        9⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        10⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
        9⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
        9⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
        9⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5526.exe
        8⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        9⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
        9⤵
        
        PID:17888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
        9⤵
        
        PID:18760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
        8⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        8⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
        8⤵
        
        PID:18304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46542.exe
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        8⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
        9⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
        9⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        9⤵
        
        PID:17824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        8⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        8⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        8⤵
        
        PID:18732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        7⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
        8⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57754.exe
        8⤵
        
        PID:18668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2344.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37905.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        7⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23278.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10383.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
        8⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        9⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        9⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
        9⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5870.exe
        9⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22910.exe
        8⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        9⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
        9⤵
        
        PID:17580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        9⤵
        
        PID:17628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62897.exe
        8⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30232.exe
        8⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
        8⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
        7⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        8⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9250.exe
        9⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
        9⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        9⤵
        
        PID:17540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65191.exe
        9⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43962.exe
        8⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
        8⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        8⤵
        
        PID:18152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
        8⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36646.exe
        7⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
        7⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
        7⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63870.exe
        7⤵
        
        PID:18716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28744.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        8⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
        9⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
        9⤵
        
        PID:18992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
        8⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        8⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        8⤵
        
        PID:19380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe
        7⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        8⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        8⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5481.exe
        8⤵
        
        PID:18808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
        8⤵
        
        PID:18584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
        7⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        7⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51393.exe
        7⤵
        
        PID:19120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7830.exe
        7⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44449.exe
        7⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4985.exe
        7⤵
        
        PID:16708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        7⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-893.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        6⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        6⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21342.exe
        6⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9319.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42864.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        9⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        10⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        10⤵
        
        PID:16084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16084 -s 464
        11⤵
        Program crash
        
        PID:18884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        10⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        9⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38898.exe
        9⤵
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22398.exe
        9⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63367.exe
        8⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
        9⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16337.exe
        9⤵
        
        PID:18440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        9⤵
        
        PID:17980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62897.exe
        8⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        8⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
        8⤵
        
        PID:17432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60191.exe
        7⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        8⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        9⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36935.exe
        9⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
        8⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
        8⤵
        
        PID:17488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        7⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54035.exe
        8⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8633.exe
        8⤵
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
        8⤵
        
        PID:19068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
        7⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
        7⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
        7⤵
        
        PID:17420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        8⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 632
        9⤵
        Program crash
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        8⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30920.exe
        8⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        7⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        8⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
        7⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        7⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23573.exe
        6⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7830.exe
        7⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        7⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4985.exe
        7⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
        7⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
        6⤵
        
        PID:16520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54648.exe
        6⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44030.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34696.exe
        6⤵
        Executes dropped EXE
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe
        8⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        8⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
        8⤵
        
        PID:15868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15868 -s 212
        9⤵
        Program crash
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14246.exe
        8⤵
        
        PID:18880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46751.exe
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        7⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        7⤵
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
        7⤵
        
        PID:18560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
        8⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        7⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        7⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        6⤵
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        6⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        5⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        7⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42545.exe
        7⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19333.exe
        7⤵
        
        PID:15256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        6⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        6⤵
        
        PID:15460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14806.exe
        6⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33267.exe
        6⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        7⤵
        
        PID:18676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
        6⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
        6⤵
        
        PID:17372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14045.exe
        6⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26907.exe
        5⤵
        
        PID:12900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        5⤵
        
        PID:17612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58831.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61120.exe
        7⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
        9⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60479.exe
        10⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        9⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42545.exe
        9⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
        9⤵
        
        PID:18496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
        8⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        8⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        8⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
        8⤵
        
        PID:19108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1670.exe
        7⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
        8⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        9⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        9⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        9⤵
        
        PID:17692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
        9⤵
        
        PID:19232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
        8⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        8⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        8⤵
        
        PID:19372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10517.exe
        7⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
        7⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16200.exe
        7⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        7⤵
        
        PID:15576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
        6⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        8⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
        8⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
        8⤵
        
        PID:17588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        7⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        7⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        7⤵
        
        PID:16624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
        7⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50574.exe
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        7⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55971.exe
        8⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        7⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        7⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64030.exe
        7⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        6⤵
        
        PID:9564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8689.exe
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33179.exe
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11919.exe
        6⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        7⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
        8⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        8⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        8⤵
        
        PID:16228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        8⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
        7⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        7⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        7⤵
        
        PID:16640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        7⤵
        
        PID:19000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
        6⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        7⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7849.exe
        7⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28048.exe
        7⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
        7⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49529.exe
        6⤵
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
        6⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58409.exe
        6⤵
        
        PID:17636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64886.exe
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
        8⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
        8⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
        8⤵
        
        PID:18176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26385.exe
        7⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
        7⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        7⤵
        
        PID:18712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64199.exe
        7⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
        6⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        6⤵
        
        PID:16596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        6⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3886.exe
        5⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41643.exe
        6⤵
        
        PID:12204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        6⤵
        
        PID:16612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30685.exe
        6⤵
        
        PID:17604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2929.exe
        5⤵
        
        PID:13348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        5⤵
        
        PID:18196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12687.exe
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55202.exe
        8⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        8⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
        8⤵
        
        PID:17392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
        8⤵
        
        PID:17660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24358.exe
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
        7⤵
        
        PID:16692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
        7⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        7⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        7⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3693.exe
        6⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        6⤵
        
        PID:11892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        6⤵
        
        PID:16440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3633.exe
        6⤵
        
        PID:18928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
        5⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29704.exe
        6⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14343.exe
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        7⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23520.exe
        7⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28845.exe
        7⤵
        
        PID:18752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        6⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        6⤵
        
        PID:11732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        6⤵
        
        PID:16508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
        6⤵
        
        PID:18508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7533.exe
        5⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42319.exe
        5⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        6⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32841.exe
        6⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21992.exe
        6⤵
        
        PID:18064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21456.exe
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37587.exe
        5⤵
        
        PID:15988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
        5⤵
        
        PID:19400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46230.exe
        5⤵
        
        PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
        5⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        6⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        7⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61835.exe
        8⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        8⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        7⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        7⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6453.exe
        7⤵
        
        PID:17472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        6⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1881.exe
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        6⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        6⤵
        
        PID:18796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2629.exe
        5⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe
        6⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
        6⤵
        
        PID:18520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46562.exe
        5⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        5⤵
        
        PID:14512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19085.exe
        5⤵
        
        PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62086.exe
      4⤵
      PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        6⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        7⤵
        
        PID:18456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46639.exe
        7⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        6⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42545.exe
        6⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27693.exe
        6⤵
        
        PID:17444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        5⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        5⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        5⤵
        
        PID:16424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        5⤵
        
        PID:14064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
        5⤵
        
        PID:18308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
      4⤵
      PID:9776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
      4⤵
      PID:13848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
      4⤵
      PID:17684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32574.exe
      4⤵
      PID:2480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25360.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        6⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        8⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
        9⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        9⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        8⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        8⤵
        
        PID:15324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37397.exe
        8⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe
        7⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        7⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        7⤵
        
        PID:16392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48759.exe
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        7⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
        7⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
        7⤵
        
        PID:17328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3950.exe
        7⤵
        
        PID:18756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59990.exe
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        6⤵
        
        PID:11812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        6⤵
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
        6⤵
        
        PID:19108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        5⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        7⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        7⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        7⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3697.exe
        6⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
        7⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        7⤵
        
        PID:18492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36551.exe
        7⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        6⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12724 -s 464
        7⤵
        Program crash
        
        PID:15256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
        6⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        6⤵
        
        PID:19096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
        5⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37329.exe
        6⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27152.exe
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39962.exe
        6⤵
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        6⤵
        
        PID:18764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
        5⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        6⤵
        
        PID:18212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
        6⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        5⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        5⤵
        
        PID:16484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53246.exe
        5⤵
        
        PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42376.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45360.exe
        6⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        7⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        8⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
        8⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        8⤵
        
        PID:17272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        7⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        7⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        7⤵
        
        PID:18516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
        6⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
        7⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        7⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42545.exe
        7⤵
        
        PID:15712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3693.exe
        6⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        6⤵
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        6⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
        6⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        5⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        6⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 632
        7⤵
        Program crash
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        6⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        6⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17325.exe
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50889.exe
        6⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
        6⤵
        
        PID:15740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        6⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2545.exe
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        5⤵
        
        PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35137.exe
        5⤵
        
        PID:17780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe
        5⤵
        
        PID:18040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        6⤵
        
        PID:9804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
        6⤵
        
        PID:12472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57345.exe
        6⤵
        
        PID:17600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8846.exe
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        5⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        5⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29030.exe
        5⤵
        
        PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
      4⤵
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        5⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27312.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        6⤵
        
        PID:16220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40086.exe
        6⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60017.exe
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39962.exe
        5⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20360.exe
        5⤵
        
        PID:18500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55202.exe
        5⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
        5⤵
        
        PID:12580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15649.exe
        5⤵
        
        PID:17252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
      4⤵
      PID:8636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
      4⤵
      PID:11680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49600.exe
      4⤵
      PID:16452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1550.exe
      4⤵
      PID:7872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4903.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        7⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        7⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        7⤵
        
        PID:16460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16460 -s 436
        8⤵
        Program crash
        
        PID:19204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        7⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        6⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        7⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        7⤵
        
        PID:18448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61439.exe
        7⤵
        
        PID:18640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48866.exe
        6⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55697.exe
        6⤵
        
        PID:16192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20055.exe
        6⤵
        
        PID:18960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        6⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        6⤵
        
        PID:16468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
        6⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8685.exe
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
        6⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        6⤵
        
        PID:16328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5685.exe
        6⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43575.exe
        5⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
        5⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14953.exe
        5⤵
        
        PID:17148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
        5⤵
        
        PID:19028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4903.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        7⤵
        
        PID:18560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23400.exe
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
        6⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        5⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        6⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15118.exe
        6⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe
        5⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31872.exe
        5⤵
        
        PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
      4⤵
      PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
        5⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58185.exe
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
        5⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53688.exe
        5⤵
        
        PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
      4⤵
      PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        5⤵
        
        PID:13768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        5⤵
        
        PID:18624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
      4⤵
      PID:8816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
      4⤵
      PID:13992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
      4⤵
      PID:17924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14352.exe
      4⤵
      PID:17596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
      4⤵
      PID:19400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54296.exe
        5⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        6⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe
        7⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61439.exe
        7⤵
        
        PID:18108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
        6⤵
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        6⤵
        
        PID:18184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
        6⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        6⤵
        
        PID:17584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
        5⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        5⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22551.exe
        5⤵
        
        PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
        6⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        6⤵
        
        PID:18084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        6⤵
        
        PID:18636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35793.exe
        5⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4776.exe
        5⤵
        
        PID:13544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
        5⤵
        
        PID:18260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe
      4⤵
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        5⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        5⤵
        
        PID:17788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
        5⤵
        
        PID:19284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
      4⤵
      PID:10108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30896.exe
      4⤵
      PID:14580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe
      4⤵
      PID:4704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
      4⤵
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        5⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
        6⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
        5⤵
        
        PID:11288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16200.exe
        5⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
        5⤵
        
        PID:18436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        5⤵
        
        PID:19060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
      4⤵
      PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14464.exe
      4⤵
      PID:9252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38410.exe
      4⤵
      PID:14868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29289.exe
      4⤵
      PID:18056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
      4⤵
      PID:5844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
    3⤵
    PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61520.exe
      4⤵
      PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15353.exe
        5⤵
        
        PID:12792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        5⤵
        
        PID:17916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
        5⤵
        
        PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35793.exe
      4⤵
      PID:9448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
      4⤵
      PID:13440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
      4⤵
      PID:18136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-167.exe
    3⤵
    PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
      4⤵
      PID:14900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
      4⤵
      PID:5896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40056.exe
    3⤵
    PID:8932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4561.exe
    3⤵
    PID:14636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
    3⤵
    PID:18740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18344.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
        7⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
        8⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        9⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
        8⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38898.exe
        8⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        8⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        7⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
        8⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe
        7⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
        7⤵
        
        PID:14876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57045.exe
        7⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16366.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        7⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        8⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        8⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        8⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        7⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        7⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        7⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
        7⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22909.exe
        6⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        7⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        7⤵
        
        PID:18112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59902.exe
        7⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        6⤵
        
        PID:13320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        6⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57679.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
        8⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
        8⤵
        
        PID:17896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
        7⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        7⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
        7⤵
        
        PID:18984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        7⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        6⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        6⤵
        
        PID:14316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        6⤵
        
        PID:19156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
        6⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        6⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
        7⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        7⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        7⤵
        
        PID:18692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
        6⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        6⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        6⤵
        
        PID:16304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        6⤵
        
        PID:18608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe
        6⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
        6⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        6⤵
        
        PID:17776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38849.exe
        5⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
        5⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38358.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10663.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21624.exe
        6⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        7⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51554.exe
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53977.exe
        7⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
        7⤵
        
        PID:18268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        6⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
        7⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6488.exe
        6⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
        6⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        6⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58935.exe
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
        6⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        6⤵
        
        PID:16408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
        5⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11018.exe
        6⤵
        
        PID:17728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
        6⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
        5⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        5⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16397.exe
        5⤵
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
        6⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
        7⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57370.exe
        7⤵
        
        PID:18552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61439.exe
        7⤵
        
        PID:19404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        6⤵
        
        PID:9672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
        6⤵
        
        PID:13328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        6⤵
        
        PID:18168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54047.exe
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42499.exe
        6⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48218.exe
        6⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14208.exe
        6⤵
        
        PID:18312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        5⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43314.exe
        5⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11408.exe
        5⤵
        
        PID:18296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62007.exe
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64787.exe
        6⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 692
        7⤵
        Program crash
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
        6⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
        6⤵
        
        PID:17264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
        6⤵
        
        PID:18744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        5⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        5⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31410.exe
        5⤵
        
        PID:17400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        5⤵
        
        PID:18860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7613.exe
      4⤵
      PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52323.exe
        5⤵
        
        PID:14000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63618.exe
        5⤵
        
        PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
      4⤵
      PID:10256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
      4⤵
      PID:13996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
      4⤵
      PID:18584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
      4⤵
      PID:17544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34134.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4776
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 720
      4⤵
      Program crash
      PID:3900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2495.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21240.exe
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12250.exe
        8⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61439.exe
        8⤵
        
        PID:18056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        7⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
        7⤵
        
        PID:16148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        6⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        6⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        6⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
        5⤵
        
        PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49529.exe
        5⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19961.exe
        5⤵
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19192.exe
        5⤵
        
        PID:18072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        6⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        6⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        6⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47135.exe
        5⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        5⤵
        
        PID:15540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe
      4⤵
      PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6889.exe
        5⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        5⤵
        
        PID:17520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
      4⤵
      PID:9556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43393.exe
      4⤵
      PID:13976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
      4⤵
      PID:17544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
      4⤵
      PID:3952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
      4⤵
      PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        5⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        5⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        5⤵
        
        PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
      4⤵
      PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
        5⤵
        
        PID:14240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16337.exe
        5⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        5⤵
        
        PID:18840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
      4⤵
      PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
      4⤵
      PID:15596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
      4⤵
      PID:4836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
    3⤵
    PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
      4⤵
      PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
      4⤵
      PID:11640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
      4⤵
      PID:16544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36968.exe
      4⤵
      PID:18844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
    3⤵
    PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6770.exe
      4⤵
      PID:14704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
      4⤵
      PID:18700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61587.exe
    3⤵
    PID:4920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
    3⤵
    PID:14860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
    3⤵
    PID:18108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
    3⤵
    PID:5772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22598.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        6⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
        7⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        8⤵
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32441.exe
        7⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-256.exe
        7⤵
        
        PID:14528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        7⤵
        
        PID:17152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63943.exe
        6⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        7⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
        7⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        6⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        6⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22840.exe
        7⤵
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        7⤵
        
        PID:18720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
        7⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        6⤵
        
        PID:9720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
        6⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        6⤵
        
        PID:18144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
        6⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36646.exe
        5⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45035.exe
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        5⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        5⤵
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        5⤵
        
        PID:19148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56631.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43544.exe
        5⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
        7⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        7⤵
        
        PID:18672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33696.exe
        6⤵
        
        PID:14592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        6⤵
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28965.exe
        5⤵
        
        PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22738.exe
        5⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5256.exe
        5⤵
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22551.exe
        5⤵
        
        PID:8884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
      4⤵
      PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
        6⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4584.exe
        6⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
        6⤵
        
        PID:17724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
        5⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        5⤵
        
        PID:16016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
        5⤵
        
        PID:18708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
      4⤵
      PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        5⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        5⤵
        
        PID:18704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45105.exe
      4⤵
      PID:10692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
      4⤵
      PID:14888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61607.exe
      4⤵
      PID:5600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36630.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43544.exe
        5⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
        7⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        6⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        6⤵
        
        PID:15968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        6⤵
        
        PID:19388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33755.exe
        6⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
        7⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4646.exe
        7⤵
        
        PID:19356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38513.exe
        6⤵
        
        PID:12972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        6⤵
        
        PID:17960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
        6⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8880.exe
        5⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        5⤵
        
        PID:13536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11408.exe
        5⤵
        
        PID:18288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48734.exe
        5⤵
        
        PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
      4⤵
      PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        6⤵
        
        PID:18836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
        5⤵
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64362.exe
        5⤵
        
        PID:16212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        5⤵
        
        PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
      4⤵
      PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
        5⤵
        
        PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        5⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
        5⤵
        
        PID:18128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
      4⤵
      PID:10464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
      4⤵
      PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39749.exe
      4⤵
      PID:17088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28286.exe
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64787.exe
        5⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        5⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
        5⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        5⤵
        
        PID:19044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
      4⤵
      PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        5⤵
        
        PID:18448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
      4⤵
      PID:12528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
      4⤵
      PID:17504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
    3⤵
    PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
      4⤵
      PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        5⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46881.exe
        5⤵
        
        PID:18032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
      4⤵
      PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
      4⤵
      PID:16036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
      4⤵
      PID:19364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
    3⤵
    PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
      4⤵
      PID:11064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
      4⤵
      PID:14052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
      4⤵
      PID:18484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
    3⤵
    PID:10504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
    3⤵
    PID:14660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
    3⤵
    PID:18692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53735.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53735.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        6⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3888.exe
        7⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2561.exe
        7⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25248.exe
        7⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39990.exe
        7⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31950.exe
        6⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        7⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
        7⤵
        
        PID:15872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        6⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        6⤵
        
        PID:15660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        6⤵
        
        PID:18712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10134.exe
        5⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42688.exe
        6⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        6⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40086.exe
        6⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        5⤵
        
        PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        5⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        5⤵
        
        PID:16500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
        5⤵
        
        PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18286.exe
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        6⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        6⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31410.exe
        6⤵
        
        PID:17352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        6⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
        5⤵
        
        PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        5⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        5⤵
        
        PID:16056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
      4⤵
      PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19297.exe
        5⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
        5⤵
        
        PID:16704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22711.exe
        5⤵
        
        PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
      4⤵
      PID:10472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
      4⤵
      PID:18120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
      4⤵
      PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        5⤵
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        5⤵
        
        PID:11716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        5⤵
        
        PID:16284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
      4⤵
      PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
      4⤵
      PID:10096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
      4⤵
      PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
      4⤵
      PID:19008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
    3⤵
    PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
      4⤵
      PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12250.exe
        5⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        5⤵
        
        PID:18480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
        5⤵
        
        PID:18508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54231.exe
        5⤵
        
        PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
      4⤵
      PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
      4⤵
      PID:14652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
      4⤵
      PID:4204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23103.exe
    3⤵
    PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
      4⤵
      PID:10140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
      4⤵
      PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
      4⤵
      PID:17796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30776.exe
    3⤵
    PID:6716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
    3⤵
    PID:13220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26438.exe
    3⤵
    PID:18556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
    3⤵
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
      4⤵
      PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7830.exe
        5⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        6⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38921.exe
        6⤵
        
        PID:18040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
        6⤵
        
        PID:212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
        6⤵
        
        PID:18896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        5⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        5⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        5⤵
        
        PID:18528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
      4⤵
      PID:8332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
      4⤵
      PID:11916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
      4⤵
      PID:16552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49614.exe
    3⤵
    PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37329.exe
      4⤵
      PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55971.exe
        5⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20214.exe
        5⤵
        
        PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37049.exe
      4⤵
      PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55722.exe
      4⤵
      PID:17340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
      4⤵
      PID:18804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26279.exe
    3⤵
    PID:7468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56449.exe
    3⤵
    PID:10396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
    3⤵
    PID:15552
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 15552 -s 436
      4⤵
      Program crash
      PID:18896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
    3⤵
    PID:18956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62464.exe
    3⤵
    PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
      4⤵
      PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        5⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7142.exe
        5⤵
        
        PID:7348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
      4⤵
      PID:11924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
      4⤵
      PID:16416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
      4⤵
      PID:18880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
    3⤵
    PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
      4⤵
      PID:15428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
      4⤵
      PID:6764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
    3⤵
    PID:10208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
    3⤵
    PID:14692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
    3⤵
    PID:1496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29560.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29560.exe
  2⤵
  PID:5492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
    3⤵
    PID:6828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
      4⤵
      PID:15344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
      4⤵
      PID:3328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
    3⤵
    PID:10072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38898.exe
    3⤵
    PID:16256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
    3⤵
    PID:5404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35045.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35045.exe
  2⤵
  PID:7360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35971.exe
    3⤵
    PID:10272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
    3⤵
    PID:13860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
    3⤵
    PID:4676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
    3⤵
    PID:18328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
    3⤵
    PID:8872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
  2⤵
  PID:10360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49025.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49025.exe
  2⤵
  PID:14536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
  2⤵
  PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4776 -ip 4776
1⤵
PID:1404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 6236 -ip 6236
1⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 8000 -ip 8000
1⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 12724 -ip 12724
1⤵
PID:13720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 15868 -ip 15868
1⤵
PID:15916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 9152 -ip 9152
1⤵
PID:17180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 16460 -ip 16460
1⤵
PID:18956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 14960 -ip 14960
1⤵
PID:19316

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe

Filesize
184KB

MD5
31d1422f753b636cef5e47a1c44525f1

SHA1
882cf0894c65d5c8558c10756a86bd18411cd464

SHA256
c8aa2873fb1403240cd750520ef189c4cbf2081374dce18f6285ff638a1f54b8

SHA512
c8e47d011c4af88691aa43273aff1ce42c0ff70d714a68983147c8b157025155779537ee72dad3d4c2fec8039475d69b01a2a4ecc7576d06b89fdef4f6046988

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe

Filesize
184KB

MD5
23639bdbc61e8a3f02ab5598048cb61a

SHA1
06e8679d4fb0c3f3343bfc3fe8e3ea2361e2ccd3

SHA256
591c7702082b27840cd640427c13dcc5997be49c1bb302630a3b6effecd8136a

SHA512
84d0e466ec95a2a3120e76535f06c230307c314588f44aad82197b36003a985619cd36cb95424104eb86ee39775868f2022cbd05c6d520ba9010aba685e51ff5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18344.exe

Filesize
184KB

MD5
9c94a632190ef675484445bad24c70f7

SHA1
e770cb16f4ee0e22a8b4a02de7b4cc9a041a2f0f

SHA256
9c7cb9dbb48022c4d5fedf065192df8e5bff3ce4e2968cffaf287d93390edb41

SHA512
4310d86704df67db28a4f0544068a435de6fed8742f11ca207388b7071106defa9fff8d3a2a1e8c9320e279d18687124304cf9f8ef4fca69efbc653a6a30bf34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe

Filesize
184KB

MD5
5fbfaaaa4158f2aef4edf9aee4fbc79d

SHA1
772246175867e646d6e66562f8ce9cf109f48ea1

SHA256
7cd190e2d5a6488d7197abe0ce1ff0a92f639e9f9e67927514ec7d177f21d900

SHA512
54e54c634ddd5593fef937ac91a503bb6a23f453e5eb07922f612116bcc7168ad7cae033f1d5ca46c208766d87e5c6f03414cf4de28b2b0ae52341cfcf12515d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22598.exe

Filesize
184KB

MD5
e8f75cf499000c6b3660f2e51e5b24f4

SHA1
3195d8ac863c04a6abfa0b43e654ef154db3858e

SHA256
c27521b569f5b575873be6ae08f12e767ae20f76ea7d91ddd922aa249a2bb14a

SHA512
5310186dd6ac9c3735b328bcbef6cd71c646d9ad56498817e8df6f6026bee29a759650bdf5cda2b454ab8f34b133dab0a765b63df6a26fb33590d0717bae3ff8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23278.exe

Filesize
184KB

MD5
345dc5990df992d99009ba469142b9f5

SHA1
d6c94186d4bd254e8379d0c83841bac258a05c15

SHA256
81fe3787c1c34fbcb12244f1ce39cb2d9a55a9f95d360d9fa8dfdd5c2347143c

SHA512
70f98b17511db4a5bcfd8d12020c9023cdd592ab8faa2ac34c4d0ac1ebfc106cce01f89275da431719a0d7bda60b6d4478eb51877ce9e7fdf1f7a269bb618cf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25360.exe

Filesize
184KB

MD5
465f106f41830ace4a6ab0375a849637

SHA1
ce7d4fdfd38f378e7346205fb27a1b29a8d511a0

SHA256
e15b9c46b0bf9ec71a786e31e51afbe2786e33398bb66f714104fa328059b3f4

SHA512
24ae5cc017cad72373704600075f91fdb0741e236876c67b50ac88c010d267ecd58f15fca654c540e173364471dbaa77602e9f8b83f04208bea21989c3c1dddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe

Filesize
184KB

MD5
1f85bc74e8527daed3924b458bf976c6

SHA1
9da9bc70c913ecde2b1d9393fd7a41c9d35cd327

SHA256
f10bb683bfac396d620c96966e0512c3358d99b1e0f7a4d2595a5375e0193345

SHA512
18717d450c1416b32d800694395ecb72fce9d6869503b51c1e6132ab3f0693ee4a79f9abf0e289d942770e8bba8159c51ca13435eb3b8731d9f487f7073cb989

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe

Filesize
184KB

MD5
a908ba67f09d8949ae05917c3f8ce29f

SHA1
31f01d49aff5545e04b5c815926fe04a5c297170

SHA256
b270ae5c8b512d4c227ff9e036518f764574c5bb63d8ca1aa261103af58be63c

SHA512
d34f1b057fde3be7adf4a1c5efdbec0d714d92351f1fa071a4ae8b1f4be6535f2977daaca1622109c603b1e10833879e5c937251cee119cd04b9b52b279b2117

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe

Filesize
184KB

MD5
3b324ee764001b5ec890da7d36a9c61e

SHA1
053ee7151be840f9ef0929aa0ad6f6b300ee627d

SHA256
14281d4f768250834d12a172318b1536ef1f68d12c50ab79ca38a05627b6fffd

SHA512
db99a6bca961673bf0a14a1b043719a2bcb91f5cee1d7de36c113c0c4b77023f4a6bbf38a5878d4ae47f226bfcae81b029ec8728b19715d53ce80759d756e237

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exe

Filesize
184KB

MD5
e8b11bc0a630ba7ae7cb58fd9d7e30c4

SHA1
514346e2e100020cd147440491b903eaf99ecb5e

SHA256
223aa6c2d16c77150792933dd23a7a31fddaebce892318d8a574f0e1a2f0b247

SHA512
a93238dc8b8488a5ca801da6ecfec238e226a0328e27304daa0b27d3f4f308d319957776f88d23c2f9699fbecf4b7e2efc04f78a71ef001bca5b60a1e876e9d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe

Filesize
184KB

MD5
1218b2dd7bcdfb5ba0158a8e8b0b35dd

SHA1
735a0aef12327b1d9506adf155ee8ab4f8a4fa79

SHA256
c043984170fa7b696935bfd5744e8b758925dad7c92354cda67d1f4c47412a2a

SHA512
4b8c9857d19cb356b11b0128604abdada2159f7efa68c2613a75e9cff78318e18bfa3f2513c1a122b26f038c60006e0bae8c0de2ab1351ff9783cbd7d495839a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34134.exe

Filesize
184KB

MD5
59132c9a9e44df2ee079936082827dcc

SHA1
65827b7e9bb4e7c0631ea465b28e25f0794b7eb7

SHA256
cdace088aed809e17fc4387744142a0282d7a501e931cb23ccfd5f6ae98b2f43

SHA512
55d900483a0b4849d18c61fda4bdc00cf52fd4bd96df4162cfe9397871cc746c88d7794a5cbd27c338cc808c8da98ca7d05e10afc92894dac85915f0585b5cb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe

Filesize
184KB

MD5
6377e98fcfb2c1a29c81f0c6904e8397

SHA1
de4ae66597fcfa7ba624ace7d51cdca0bf8351fa

SHA256
0c55351d61878b734d30dc60147540c999a0f3120ab8373d7e408bf9cb9abf30

SHA512
c85704ffe6e62b91485c2d95c5c7a94a75d12721efad02fddafd7be84b91dffe4dea786a86e46dec48223c8ddbb874ba5005ba5066201da29542ba592f84eeca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35144.exe

Filesize
184KB

MD5
471bef0c93be25966a123042b532c7f9

SHA1
4bc70557b8f0e0182f575872859adb065c158619

SHA256
8334bef427954ab218d7dce4cc3c6a9730c5a076cfb019ff17acd8a2e8c73110

SHA512
3d8fa7367b34909faf65aded7cc536fd7c44b482d628361da6e372a2744bebbbe61e3a2cf088b8b9c4c6f9768b6b00fa9eef27b14f7ea43d0ebb6413bd9d3e05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36630.exe

Filesize
184KB

MD5
3d833027522edff9c72ce08ec69a0b0d

SHA1
936ddf36bb39edcc97775e85d43ac9e9b7b78d7c

SHA256
9276f778d76499913696306e7c43605a3b29d11fd8562f66011539b549d8abec

SHA512
8aa09b8e3b63783c2e40f2c3cf4fcdd816da8383db0b9af3e214ef6222e52bcb63625f4887ec3e01e22163e358be5392dc3490e17bacd95944fd242605c7f1c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38358.exe

Filesize
184KB

MD5
45c3982ef0e4e04aa8aa80a9adcfa3a4

SHA1
c481d741611a42d9adc14b7b3998a806b89bff6c

SHA256
b87f1d4112d842d5255c61056aa4aacc6962f671213266cd1c6231753c506281

SHA512
f24f767cfc814de9d4d32305d63ab8c8c46f6953d63366028b51a20eecbfa06fe9346e1120446010f728320ca686f0e8ad6b9c060f52f791bd65c893888f39f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe

Filesize
184KB

MD5
6ae5165cfdbad871974b02bd05c78cc3

SHA1
5fbbf433c13c7a26de731c02eb1b98f270d7a4d1

SHA256
a1cd5efaf14b85ddbea128ca3241d2e843d4cd5231ac1f54c6e40a2d768842e8

SHA512
3569d8e7784fcf650957cebe94736f90e1509baabb06ca91f824337e47f2cb20a382e953d4bfb36eec9bd0f32bb153f7f3c54973591b70cbb0b1d3e02476bfcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe

Filesize
184KB

MD5
4384a1336be9249aec91130a31f9da5d

SHA1
94f27d2d0371bc07f5135728b36a132c4aa054c2

SHA256
5cf322f6e7b55fb3d9b4712dd06c600481584eba03717c15213a06d15c603f52

SHA512
205bf5372bccaf76712610de3c69425147c8c804ffda5f8e1ebbd35dfd7da29f508c157fe2e611286609f6635db0d26808aa7e69002e64a8e01e47629b109bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe

Filesize
184KB

MD5
8152e44697b40fae66194af6cdf94583

SHA1
cece2a20270bdd7394d0c5f967a289cdb8d1cea8

SHA256
08aac9e85821f37852e639d6dc4f83be55f16971d7a3ce3ae26c28a2dfd9f144

SHA512
97375f9e73891450d9692effb7ab23222807533cea76b8e2fa04ab080aa54b29210994d8f907f42154882af77498d68e3e5c5821a7c80fc9f9feb9e03c98b068

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe

Filesize
184KB

MD5
6a5e229d13cd95b1763250834f2a2412

SHA1
9b4e27b732e3965848ebbd012ee798194a85b8a1

SHA256
81b74a1a1cf057e2c35e3d326011c3191323e2a3b7574398b8022c2b114f058a

SHA512
ba6da3c0ba9e0cf5fb19c307a5004841a047cd77be46089349f0cb6e747b02e52b97ba2f739dba0956ef80c31560b38e75a337000d6d34c181ff6853d3c163a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe

Filesize
184KB

MD5
9b65ec4ae4a7004bccd61561a3d0c8bc

SHA1
1f4aee62394eb0f567f217e0ac02b83caea1d7ae

SHA256
2ed54ba6332f670ddf667984f28bd69e0c7a38277ac9d81f162a14a3b0a7d1b4

SHA512
7f8d84f3295786494267e9fd55737ac036a4404b8a1840534bfe8f5613e22daed467e73200b494412aff20d3b487a3d1c76ea5c8d276cf5870b5f81f8f03aa29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe

Filesize
184KB

MD5
176bc626b35dc2e2bb1f8df565790657

SHA1
682bb75afd5a51e9a50e28ba2035356e6e9a5770

SHA256
b6894b40415f1275300098a5c49f0327ff07d29fd442bf8b623b955d023422ab

SHA512
5dc9cd6ed45ee3b771affa859d21ac5f1a809af79ed544f749ab141f650f5aea7fa140eb848b3032df3432c9774e5a4c3d891f44a9076151919cc2e98c52999f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe

Filesize
184KB

MD5
c0908644396af84f3f5182d1b8a2ed67

SHA1
3fd09c71a63184238f0be6025c10aca2759d9ab2

SHA256
4523728efef1e0a1cf4d27356e360297961e61bd57e41de0c57ba06c671f6d84

SHA512
31822663f8c6ca311ee74a9676aeb88ce7f229e149c66499bc33a19ab1ed3ce8332f61ab46af176e04ce2b1151ff45ff50d72128c8cc09b607235fb8f4961193

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53735.exe

Filesize
184KB

MD5
b4e198de95d004756497b733807eb550

SHA1
dde0639124491b7d4c27a0adaf84c90e07ddcb63

SHA256
526be2d5ecde58354d8770ebab5cfd0554c5331d08e23b64e9efff81c3350a46

SHA512
097d3acb6c3a6a5c0b78f437ad6a31186af4aa921fb6f1fba8f1f826cf99600853e72c80cb7740629a44e8fbc7a9db903904e9d180c1412f579c2564dbd86d54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe

Filesize
184KB

MD5
bb50b6b1e2ab91946f09bf70e4af1fe4

SHA1
6dbe5d654a09eb69656b02b3f2aa0f5c30567f43

SHA256
33cecdafe0ba254595667eeab0d98b18adfc1ac5d75eed4e59df5370b1197ee7

SHA512
47c40d7a311c5c8cad9195059d1ccfe4c0691dcc598b18379f904197c0da720c955f069615370d870dbdcf01bf4e894feaf460aa93afac8081c41fc326eb4a42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58831.exe

Filesize
184KB

MD5
6a440c6377f3726ee898607f3cc4a85f

SHA1
be86fa0feb89360486a976233b22b5c329ddcd76

SHA256
d219648acbae99c3233ca1cd3fe501427e6538484c32822e8bee7f4b8ea43475

SHA512
f128a8f15920b6782f7e8a4f81ae31895bd0c7475b77a2f096c10e641cd02e86753b9863fbfb7474bfd559b72b5c9ebaad1c2b1b35f01fc2d1cab8756dca51d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe

Filesize
184KB

MD5
e851d4e0d3a91a67afaa45ed9b73da0c

SHA1
4dd5f76657fee4c292a287d178065f941d9a9bea

SHA256
d8314b3eb112c9f98a4d6e2ff622fede42d8e5d19f956f545e0f0ce91d8266d3

SHA512
6c76dc6273c3ad1a70ba6c6461673699341dc75443eadf2bcaec739e3252fdc6e7174a027492bd094228bccdf9834c3f7545cb26f5be7e671c19525d5bc3495d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe

Filesize
184KB

MD5
215aa30a4ece7f1f3f48583c6c35e8ce

SHA1
b60daf63507ab8ed3d9dbdc42237a7a116f28ca2

SHA256
0714907c836df461267efbe00b58d4510b9be26f2315bdddbc8ea84e028e770b

SHA512
934981f696435d1d8f10970a4ccbff9d197da28618cc898c44b350586fc49cb6f456eb0c30651c30d9bf84eacb1d35161a9e3ed4f4194f8e7ae2322550a262c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe

Filesize
184KB

MD5
e29f6cbe0e7fb8aa500bff4c13de7796

SHA1
185310a0436ed6706e005cd588cde05d4799ecce

SHA256
81c4ddaaef68608e65f10a1ec2c580471ac5260aab144e16f0218727d10f4bf2

SHA512
839506e10088d5d74da94617633e8c61821797821a30d9b300502203d699716441d8bef95cf53553186706b0b2bb1763c6a5799cc10e9ba95be92cefa4918a89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe

Filesize
184KB

MD5
77adda7dfd154ff46cc49b408303bdb6

SHA1
1f94b4fb2565ebe4583bc6b824c147247609b954

SHA256
e843a1c6774d525d3e33a597b5b98ed4426ead5b008c7d44ee19f2ec3209e68f

SHA512
d500d1f53dad60ed2c4167839f8bc96095f0b24f293c5d82ccd4b50d99cb1c9b9ac3fe2a0dcca883b1fd7b0fa70f3f1d6551851abae9bafb9f7a67858042aed5

Download Submit
memory/5664-3998-0x00000000754D0000-0x000000007554B000-memory.dmp

Filesize
492KB

Download
memory/5828-5723-0x0000000076A80000-0x0000000076B5C000-memory.dmp

Filesize
880KB

Download
memory/7472-3912-0x00000000751E0000-0x000000007533D000-memory.dmp

Filesize
1.4MB

Download
memory/14568-5017-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/19620-4418-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/19620-4419-0x00007FF80C480000-0x00007FF80C4D9000-memory.dmp

Filesize
356KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads