16b1fadf36026f2e19f1c554d6eb8555f540251653b97d5eb888223651cee801

Analysis

max time kernel
147s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 03:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e7108d003c5fcbfbb8fbc5a63b4a9d10_NEIKI.exe
Size

184KB
MD5

e7108d003c5fcbfbb8fbc5a63b4a9d10
SHA1

36478be59fdd70916bcab9d3beebd53bfc4ed326
SHA256

16b1fadf36026f2e19f1c554d6eb8555f540251653b97d5eb888223651cee801
SHA512

49000f3ae17620825d1151971198f810185913c112066ecc5071782c72d01068c71b3904eb0d9e48c353c23fc0d11b4a0c2a388a2f08b40f8134bc5a5e944770
SSDEEP

3072:fWKou3onps06LdCBTCx9jbhFMlvnqnviuY:fWwoQxCBKjVFMlPqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
5116	Unicorn-36899.exe
4716	Unicorn-24227.exe
836	Unicorn-37033.exe
1688	Unicorn-4530.exe
4576	Unicorn-36819.exe
3848	Unicorn-15229.exe
4960	Unicorn-16953.exe
820	Unicorn-53939.exe
2096	Unicorn-52906.exe
4632	Unicorn-23571.exe
1216	Unicorn-39331.exe
4184	Unicorn-39066.exe
4540	Unicorn-22995.exe
668	Unicorn-1405.exe
2696	Unicorn-53207.exe
3216	Unicorn-8210.exe
1572	Unicorn-21017.exe
4680	Unicorn-7634.exe
3268	Unicorn-18032.exe
5040	Unicorn-58179.exe
3396	Unicorn-5833.exe
4172	Unicorn-9855.exe
3392	Unicorn-11209.exe
2748	Unicorn-11474.exe
924	Unicorn-60483.exe
4880	Unicorn-61552.exe
3264	Unicorn-2736.exe
4476	Unicorn-58215.exe
2484	Unicorn-38209.exe
2292	Unicorn-24473.exe
2148	Unicorn-11666.exe
3320	Unicorn-7935.exe
4432	Unicorn-35625.exe
3596	Unicorn-39347.exe
1480	Unicorn-22435.exe
716	Unicorn-48977.exe
4464	Unicorn-55107.exe
4064	Unicorn-2761.exe
2760	Unicorn-6025.exe
264	Unicorn-60499.exe
3608	Unicorn-40825.exe
2124	Unicorn-60691.exe
2128	Unicorn-57249.exe
4212	Unicorn-64339.exe
4560	Unicorn-45543.exe
3316	Unicorn-14562.exe
3984	Unicorn-63763.exe
4704	Unicorn-17059.exe
2736	Unicorn-17059.exe
4760	Unicorn-43601.exe
5104	Unicorn-17251.exe
2136	Unicorn-57521.exe
3416	Unicorn-49731.exe
3792	Unicorn-27456.exe
3920	Unicorn-46010.exe
1744	Unicorn-338.exe
4744	Unicorn-29481.exe
2756	Unicorn-530.exe
2976	Unicorn-73.exe
1632	Unicorn-13337.exe
1908	Unicorn-40601.exe
4752	Unicorn-35069.exe
1620	Unicorn-23987.exe
1192	Unicorn-36409.exe

Program crash 11 IoCs

pid	pid_target	Process	procid_target
6112	2716	WerFault.exe	160
5900	3992	WerFault.exe	166
14276	12436	WerFault.exe	611
11788	11572	WerFault.exe	612
14028	12156	WerFault.exe	609
14020	11964	WerFault.exe	598
18412	15508	WerFault.exe	826
5524	14996	WerFault.exe	830
17840	4988	WerFault.exe	838
3176	15992	WerFault.exe	831
13968	12976	Process not Found	1199

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16544	Process not Found
Token: SeChangeNotifyPrivilege	16544	Process not Found
Token: 33	16544	Process not Found
Token: SeIncBasePriorityPrivilege	16544	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
640	e7108d003c5fcbfbb8fbc5a63b4a9d10_NEIKI.exe
5116	Unicorn-36899.exe
4716	Unicorn-24227.exe
836	Unicorn-37033.exe
1688	Unicorn-4530.exe
3848	Unicorn-15229.exe
4576	Unicorn-36819.exe
4960	Unicorn-16953.exe
820	Unicorn-53939.exe
2096	Unicorn-52906.exe
4632	Unicorn-23571.exe
668	Unicorn-1405.exe
4184	Unicorn-39066.exe
1216	Unicorn-39331.exe
4540	Unicorn-22995.exe
2696	Unicorn-53207.exe
3216	Unicorn-8210.exe
1572	Unicorn-21017.exe
4680	Unicorn-7634.exe
3268	Unicorn-18032.exe
5040	Unicorn-58179.exe
3396	Unicorn-5833.exe
4172	Unicorn-9855.exe
4476	Unicorn-58215.exe
3264	Unicorn-2736.exe
3392	Unicorn-11209.exe
2148	Unicorn-11666.exe
924	Unicorn-60483.exe
2484	Unicorn-38209.exe
2748	Unicorn-11474.exe
4880	Unicorn-61552.exe
2292	Unicorn-24473.exe
3320	Unicorn-7935.exe
1480	Unicorn-22435.exe
3596	Unicorn-39347.exe
716	Unicorn-48977.exe
4464	Unicorn-55107.exe
2760	Unicorn-6025.exe
4064	Unicorn-2761.exe
264	Unicorn-60499.exe
3608	Unicorn-40825.exe
2124	Unicorn-60691.exe
2128	Unicorn-57249.exe
4212	Unicorn-64339.exe
4560	Unicorn-45543.exe
3316	Unicorn-14562.exe
3984	Unicorn-63763.exe
2736	Unicorn-17059.exe
3416	Unicorn-49731.exe
4704	Unicorn-17059.exe
4760	Unicorn-43601.exe
5104	Unicorn-17251.exe
3920	Unicorn-46010.exe
2136	Unicorn-57521.exe
2756	Unicorn-530.exe
2976	Unicorn-73.exe
4744	Unicorn-29481.exe
3792	Unicorn-27456.exe
1744	Unicorn-338.exe
1632	Unicorn-13337.exe
1908	Unicorn-40601.exe
1620	Unicorn-23987.exe
1192	Unicorn-36409.exe
3048	Unicorn-41968.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 5116	640	e7108d003c5fcbfbb8fbc5a63b4a9d10_NEIKI.exe	85
PID 640 wrote to memory of 5116	640	e7108d003c5fcbfbb8fbc5a63b4a9d10_NEIKI.exe	85
PID 640 wrote to memory of 5116	640	e7108d003c5fcbfbb8fbc5a63b4a9d10_NEIKI.exe	85
PID 5116 wrote to memory of 4716	5116	Unicorn-36899.exe	86
PID 5116 wrote to memory of 4716	5116	Unicorn-36899.exe	86
PID 5116 wrote to memory of 4716	5116	Unicorn-36899.exe	86
PID 640 wrote to memory of 836	640	e7108d003c5fcbfbb8fbc5a63b4a9d10_NEIKI.exe	87
PID 640 wrote to memory of 836	640	e7108d003c5fcbfbb8fbc5a63b4a9d10_NEIKI.exe	87
PID 640 wrote to memory of 836	640	e7108d003c5fcbfbb8fbc5a63b4a9d10_NEIKI.exe	87
PID 4716 wrote to memory of 1688	4716	Unicorn-24227.exe	88
PID 4716 wrote to memory of 1688	4716	Unicorn-24227.exe	88
PID 4716 wrote to memory of 1688	4716	Unicorn-24227.exe	88
PID 836 wrote to memory of 4576	836	Unicorn-37033.exe	89
PID 836 wrote to memory of 4576	836	Unicorn-37033.exe	89
PID 836 wrote to memory of 4576	836	Unicorn-37033.exe	89
PID 5116 wrote to memory of 4960	5116	Unicorn-36899.exe	90
PID 5116 wrote to memory of 4960	5116	Unicorn-36899.exe	90
PID 5116 wrote to memory of 4960	5116	Unicorn-36899.exe	90
PID 640 wrote to memory of 3848	640	e7108d003c5fcbfbb8fbc5a63b4a9d10_NEIKI.exe	91
PID 640 wrote to memory of 3848	640	e7108d003c5fcbfbb8fbc5a63b4a9d10_NEIKI.exe	91
PID 640 wrote to memory of 3848	640	e7108d003c5fcbfbb8fbc5a63b4a9d10_NEIKI.exe	91
PID 1688 wrote to memory of 820	1688	Unicorn-4530.exe	92
PID 1688 wrote to memory of 820	1688	Unicorn-4530.exe	92
PID 1688 wrote to memory of 820	1688	Unicorn-4530.exe	92
PID 4716 wrote to memory of 2096	4716	Unicorn-24227.exe	93
PID 4716 wrote to memory of 2096	4716	Unicorn-24227.exe	93
PID 4716 wrote to memory of 2096	4716	Unicorn-24227.exe	93
PID 3848 wrote to memory of 4632	3848	Unicorn-15229.exe	94
PID 3848 wrote to memory of 4632	3848	Unicorn-15229.exe	94
PID 3848 wrote to memory of 4632	3848	Unicorn-15229.exe	94
PID 4576 wrote to memory of 1216	4576	Unicorn-36819.exe	95
PID 4576 wrote to memory of 1216	4576	Unicorn-36819.exe	95
PID 4576 wrote to memory of 1216	4576	Unicorn-36819.exe	95
PID 640 wrote to memory of 4184	640	e7108d003c5fcbfbb8fbc5a63b4a9d10_NEIKI.exe	96
PID 640 wrote to memory of 4184	640	e7108d003c5fcbfbb8fbc5a63b4a9d10_NEIKI.exe	96
PID 640 wrote to memory of 4184	640	e7108d003c5fcbfbb8fbc5a63b4a9d10_NEIKI.exe	96
PID 5116 wrote to memory of 668	5116	Unicorn-36899.exe	99
PID 5116 wrote to memory of 668	5116	Unicorn-36899.exe	99
PID 5116 wrote to memory of 668	5116	Unicorn-36899.exe	99
PID 4960 wrote to memory of 4540	4960	Unicorn-16953.exe	97
PID 4960 wrote to memory of 4540	4960	Unicorn-16953.exe	97
PID 4960 wrote to memory of 4540	4960	Unicorn-16953.exe	97
PID 836 wrote to memory of 2696	836	Unicorn-37033.exe	98
PID 836 wrote to memory of 2696	836	Unicorn-37033.exe	98
PID 836 wrote to memory of 2696	836	Unicorn-37033.exe	98
PID 820 wrote to memory of 3216	820	Unicorn-53939.exe	100
PID 820 wrote to memory of 3216	820	Unicorn-53939.exe	100
PID 820 wrote to memory of 3216	820	Unicorn-53939.exe	100
PID 1688 wrote to memory of 1572	1688	Unicorn-4530.exe	101
PID 1688 wrote to memory of 1572	1688	Unicorn-4530.exe	101
PID 1688 wrote to memory of 1572	1688	Unicorn-4530.exe	101
PID 2096 wrote to memory of 4680	2096	Unicorn-52906.exe	102
PID 2096 wrote to memory of 4680	2096	Unicorn-52906.exe	102
PID 2096 wrote to memory of 4680	2096	Unicorn-52906.exe	102
PID 4716 wrote to memory of 3268	4716	Unicorn-24227.exe	103
PID 4716 wrote to memory of 3268	4716	Unicorn-24227.exe	103
PID 4716 wrote to memory of 3268	4716	Unicorn-24227.exe	103
PID 4632 wrote to memory of 5040	4632	Unicorn-23571.exe	104
PID 4632 wrote to memory of 5040	4632	Unicorn-23571.exe	104
PID 4632 wrote to memory of 5040	4632	Unicorn-23571.exe	104
PID 3848 wrote to memory of 3396	3848	Unicorn-15229.exe	105
PID 3848 wrote to memory of 3396	3848	Unicorn-15229.exe	105
PID 3848 wrote to memory of 3396	3848	Unicorn-15229.exe	105
PID 668 wrote to memory of 4172	668	Unicorn-1405.exe	106

C:\Users\Admin\AppData\Local\Temp\e7108d003c5fcbfbb8fbc5a63b4a9d10_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\e7108d003c5fcbfbb8fbc5a63b4a9d10_NEIKI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36899.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36899.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24227.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8210.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7935.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31011.exe
        9⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
        10⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37636.exe
        10⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        10⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38293.exe
        10⤵
        
        PID:17248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        10⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        9⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
        9⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe
        9⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
        9⤵
        
        PID:15912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
        9⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        8⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        9⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        9⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11964 -s 212
        10⤵
        Program crash
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55292.exe
        9⤵
        
        PID:13496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
        9⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
        8⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
        8⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5483.exe
        8⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30487.exe
        8⤵
        
        PID:17964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14290.exe
        8⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        9⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49333.exe
        9⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        9⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
        9⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        9⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        8⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        9⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
        8⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe
        8⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
        8⤵
        
        PID:16592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48693.exe
        8⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
        8⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        8⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50568.exe
        7⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        7⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
        7⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29214.exe
        7⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3300.exe
        7⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35625.exe
        6⤵
        Executes dropped EXE
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35069.exe
        6⤵
        Executes dropped EXE
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16128.exe
        7⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        8⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31550.exe
        9⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        9⤵
        
        PID:12436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12436 -s 176
        10⤵
        Program crash
        
        PID:14276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
        9⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        8⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
        8⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8873.exe
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        7⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        7⤵
        
        PID:13708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
        7⤵
        
        PID:16760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        7⤵
        
        PID:18064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
        7⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54503.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        7⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        7⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        7⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        7⤵
        
        PID:17676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59763.exe
        6⤵
        
        PID:17868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21017.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22435.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        8⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38145.exe
        9⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57720.exe
        9⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45071.exe
        9⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        9⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
        9⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        8⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13431.exe
        8⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        8⤵
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36351.exe
        8⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        7⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56894.exe
        8⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
        8⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        8⤵
        
        PID:13804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
        8⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36744.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        7⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19236.exe
        7⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        7⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
        6⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        7⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10589.exe
        8⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        8⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5044.exe
        8⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58045.exe
        8⤵
        
        PID:16568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30967.exe
        7⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18811.exe
        7⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
        7⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        7⤵
        
        PID:18068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        7⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
        7⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40764.exe
        7⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        7⤵
        
        PID:17916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        7⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21652.exe
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        6⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
        6⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
        6⤵
        
        PID:18372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48977.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        6⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21795.exe
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
        8⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
        8⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32299.exe
        8⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        7⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
        7⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
        7⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31755.exe
        7⤵
        
        PID:18080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        7⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28420.exe
        7⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
        7⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
        7⤵
        
        PID:17652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
        6⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
        6⤵
        
        PID:11728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39500.exe
        6⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
        6⤵
        
        PID:17760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
        5⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        7⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        7⤵
        
        PID:15080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24085.exe
        7⤵
        
        PID:18052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        6⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18619.exe
        6⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
        6⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31755.exe
        6⤵
        
        PID:18088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        6⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55537.exe
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53070.exe
        6⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39300.exe
        6⤵
        
        PID:13780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25691.exe
        6⤵
        
        PID:16632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9043.exe
        6⤵
        
        PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
        5⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7600.exe
        5⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
        5⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11388.exe
        5⤵
        
        PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52906.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39347.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        7⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe
        8⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
        9⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52933.exe
        9⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
        9⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        9⤵
        
        PID:17908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
        8⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18427.exe
        8⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14148.exe
        8⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
        8⤵
        
        PID:17928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45178.exe
        7⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
        8⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20411.exe
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        7⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38100.exe
        7⤵
        
        PID:18220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44950.exe
        7⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7577.exe
        6⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4882.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30148.exe
        8⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        8⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
        8⤵
        
        PID:17684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        7⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16398.exe
        7⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29525.exe
        7⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        7⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59105.exe
        6⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        7⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        7⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        7⤵
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59220.exe
        7⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42504.exe
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57724.exe
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10048.exe
        6⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22284.exe
        6⤵
        
        PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10914.exe
        6⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5458.exe
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31550.exe
        8⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        8⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39788.exe
        8⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
        8⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1131.exe
        7⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        7⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
        7⤵
        
        PID:17436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        7⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        7⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
        7⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        7⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44319.exe
        6⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
        6⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
        6⤵
        
        PID:14976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
        6⤵
        
        PID:17764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        5⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18355.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
        8⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45416.exe
        8⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        8⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
        8⤵
        
        PID:17452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56069.exe
        7⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25630.exe
        7⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
        7⤵
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe
        7⤵
        
        PID:17468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42121.exe
        6⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20126.exe
        6⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49493.exe
        6⤵
        
        PID:13444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        6⤵
        
        PID:17236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
        6⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43454.exe
        6⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22558.exe
        6⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
        6⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39404.exe
        6⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
        6⤵
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
        5⤵
        
        PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        5⤵
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23117.exe
        5⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        5⤵
        
        PID:18148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55107.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        6⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
        8⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        8⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        8⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
        8⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30967.exe
        7⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe
        7⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
        7⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31755.exe
        7⤵
        
        PID:18040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
        6⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        7⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        7⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        7⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32315.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26021.exe
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5099.exe
        6⤵
        
        PID:15444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3508.exe
        6⤵
        
        PID:18388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
        5⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        7⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18039.exe
        7⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
        7⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        7⤵
        
        PID:18136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        7⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48181.exe
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
        6⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61932.exe
        6⤵
        
        PID:17948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42878.exe
        5⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        6⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3047.exe
        6⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23659.exe
        6⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
        6⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        5⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23431.exe
        5⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21725.exe
        5⤵
        
        PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6025.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        6⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62840.exe
        6⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        6⤵
        
        PID:17280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40015.exe
        6⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
        5⤵
        
        PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
        5⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55064.exe
        5⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35678.exe
        5⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
        5⤵
        
        PID:16540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1792.exe
      4⤵
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
        5⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
        6⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        6⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
        5⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
        5⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
        5⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28574.exe
        5⤵
        
        PID:17776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        5⤵
        
        PID:8212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
      4⤵
      PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        5⤵
        
        PID:11652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
        5⤵
        
        PID:15776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        5⤵
        
        PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
      4⤵
      PID:8312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61123.exe
      4⤵
      PID:11676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
      4⤵
      PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63144.exe
      4⤵
      PID:18312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        6⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        8⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
        8⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22933.exe
        8⤵
        
        PID:18256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33483.exe
        7⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
        7⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53836.exe
        7⤵
        
        PID:15076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43345.exe
        6⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        7⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        7⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
        7⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        7⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        6⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41028.exe
        6⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        6⤵
        
        PID:17892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6459.exe
        7⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        7⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36302.exe
        7⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        7⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51722.exe
        6⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20126.exe
        6⤵
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49493.exe
        6⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        6⤵
        
        PID:17228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        6⤵
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        6⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        6⤵
        
        PID:14632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
        6⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
        5⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe
        5⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
        5⤵
        
        PID:17980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17059.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6459.exe
        7⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        7⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63982.exe
        7⤵
        
        PID:17080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        6⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        6⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35259.exe
        6⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe
        6⤵
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35718.exe
        6⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
        5⤵
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
        6⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        7⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        7⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        7⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        7⤵
        
        PID:17668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7252.exe
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60332.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        6⤵
        
        PID:16152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        6⤵
        
        PID:17712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        6⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33277.exe
        5⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50236.exe
        5⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
        5⤵
        
        PID:16652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-788.exe
        5⤵
        
        PID:16528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27363.exe
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6459.exe
        6⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        6⤵
        
        PID:13124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53022.exe
        6⤵
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
        6⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        6⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35385.exe
        5⤵
        
        PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        5⤵
        
        PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
        5⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29499.exe
        5⤵
        
        PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
        5⤵
        
        PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
      4⤵
      PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
        5⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        5⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe
        5⤵
        
        PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25374.exe
      4⤵
      PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
      4⤵
      PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36273.exe
      4⤵
      PID:15060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
      4⤵
      PID:17704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
      4⤵
      PID:8576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34083.exe
        6⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3968.exe
        8⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38247.exe
        8⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        8⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
        7⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
        7⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32405.exe
        7⤵
        
        PID:15552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        7⤵
        
        PID:18328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        7⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        7⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        7⤵
        
        PID:17420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23099.exe
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
        6⤵
        
        PID:12208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
        6⤵
        
        PID:16340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        6⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44950.exe
        6⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        5⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19299.exe
        6⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        7⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        7⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        7⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        7⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59220.exe
        7⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        6⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13191.exe
        6⤵
        
        PID:14580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46002.exe
        6⤵
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53537.exe
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55518.exe
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
        6⤵
        
        PID:15732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31979.exe
        6⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
        6⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40584.exe
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13915.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
        5⤵
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29710.exe
        5⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5147.exe
        5⤵
        
        PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45543.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57114.exe
        6⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
        6⤵
        
        PID:10092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
        6⤵
        
        PID:14148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        6⤵
        
        PID:17100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
        6⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22608.exe
        5⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        5⤵
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18724.exe
        5⤵
        
        PID:13892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
        5⤵
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48435.exe
        5⤵
        
        PID:18404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
        5⤵
        
        PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
      4⤵
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39246.exe
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16068.exe
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        6⤵
        
        PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        5⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37151.exe
        5⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42684.exe
        5⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        5⤵
        
        PID:17476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1893.exe
        5⤵
        
        PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1654.exe
      4⤵
      PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
        5⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        5⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        5⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
        5⤵
        
        PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18187.exe
      4⤵
      PID:8848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
      4⤵
      PID:12068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe
      4⤵
      PID:16120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52083.exe
      4⤵
      PID:5192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63763.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        5⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47710.exe
        7⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33172.exe
        7⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe
        7⤵
        
        PID:17244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        6⤵
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        6⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30021.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        6⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
        5⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
        5⤵
        
        PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
        5⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        5⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40399.exe
        5⤵
        
        PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
      4⤵
      PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe
        5⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        5⤵
        
        PID:10936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
        5⤵
        
        PID:12132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        5⤵
        
        PID:15620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        5⤵
        
        PID:8008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
      4⤵
      PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
        5⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        5⤵
        
        PID:17264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
      4⤵
      PID:9936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
      4⤵
      PID:14192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29319.exe
      4⤵
      PID:17172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
      4⤵
      PID:7100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
      4⤵
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
        5⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        6⤵
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        6⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        6⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36773.exe
        6⤵
        
        PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7060.exe
        5⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
        5⤵
        
        PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        5⤵
        
        PID:16096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        5⤵
        
        PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
      4⤵
      PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
      4⤵
      PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
      4⤵
      PID:13356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6062.exe
      4⤵
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18612.exe
      4⤵
      PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25910.exe
      4⤵
      PID:16556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
    3⤵
    PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
      4⤵
      PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58830.exe
        5⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        5⤵
        
        PID:12988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
      4⤵
      PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
      4⤵
      PID:11472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
      4⤵
      PID:4988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 440
        5⤵
        Program crash
        
        PID:17840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
      4⤵
      PID:5876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14178.exe
    3⤵
    PID:6956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
    3⤵
    PID:9080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23900.exe
    3⤵
    PID:13600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33812.exe
    3⤵
    PID:14752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
    3⤵
    PID:5816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41101.exe
    3⤵
    PID:16424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36819.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39331.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60483.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17059.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        7⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe
        8⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe
        8⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58716.exe
        8⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        7⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5819.exe
        7⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1143.exe
        7⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        7⤵
        
        PID:16740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44950.exe
        7⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
        6⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
        8⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
        8⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        7⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30789.exe
        7⤵
        
        PID:15188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50574.exe
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38046.exe
        7⤵
        
        PID:14488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50229.exe
        7⤵
        
        PID:17600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
        6⤵
        
        PID:13700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54296.exe
        6⤵
        
        PID:16596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
        6⤵
        
        PID:16452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46010.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32702.exe
        8⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        8⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        8⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        7⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        7⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        6⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
        6⤵
        
        PID:10112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62840.exe
        6⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        6⤵
        
        PID:17148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60901.exe
        6⤵
        
        PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        6⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        6⤵
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        6⤵
        
        PID:15020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
        6⤵
        
        PID:17856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        6⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34424.exe
        5⤵
        
        PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
        5⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
        5⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9997.exe
        5⤵
        
        PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58215.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14562.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe
        6⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
        7⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        8⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11444.exe
        8⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48655.exe
        8⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
        8⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55253.exe
        7⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37883.exe
        7⤵
        
        PID:14664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29053.exe
        6⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63573.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13915.exe
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37383.exe
        6⤵
        
        PID:14956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29710.exe
        6⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51140.exe
        6⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        5⤵
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
        6⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34782.exe
        7⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
        7⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        6⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55253.exe
        6⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53836.exe
        6⤵
        
        PID:14572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11248.exe
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        6⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
        6⤵
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44808.exe
        5⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        5⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36231.exe
        5⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60737.exe
        5⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37243.exe
        5⤵
        
        PID:16576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43601.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26979.exe
        5⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22795.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        6⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe
        6⤵
        
        PID:17040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
        6⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49182.exe
        6⤵
        
        PID:13592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        6⤵
        
        PID:17272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62840.exe
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        5⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49615.exe
        5⤵
        
        PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
      4⤵
      PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe
        5⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        5⤵
        
        PID:10920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
        5⤵
        
        PID:13456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        5⤵
        
        PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
        5⤵
        
        PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
      4⤵
      PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe
      4⤵
      PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
      4⤵
      PID:13652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
      4⤵
      PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14093.exe
      4⤵
      PID:16460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53207.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
        7⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        7⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50924.exe
        7⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
        7⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        6⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4667.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49493.exe
        6⤵
        
        PID:11524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        6⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        6⤵
        
        PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10953.exe
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        6⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
        7⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
        7⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44748.exe
        7⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        6⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        6⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
        6⤵
        
        PID:15992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15992 -s 436
        7⤵
        Program crash
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54973.exe
        6⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22608.exe
        5⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
        5⤵
        
        PID:10468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
        5⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37399.exe
        5⤵
        
        PID:17036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
      4⤵
      PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        6⤵
        
        PID:12124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
        6⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        5⤵
        
        PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
        5⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
        5⤵
        
        PID:16692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44166.exe
        5⤵
        
        PID:16440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
      4⤵
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26158.exe
        5⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13275.exe
        5⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        5⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        5⤵
        
        PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
      4⤵
      PID:8920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
      4⤵
      PID:13032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
      4⤵
      PID:16092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38209.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        6⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
        6⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
        6⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        6⤵
        
        PID:17112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23412.exe
        6⤵
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58463.exe
        6⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3097.exe
        5⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4667.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49493.exe
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        5⤵
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
        5⤵
        
        PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
      4⤵
      PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        5⤵
        
        PID:11572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11572 -s 176
        6⤵
        Program crash
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48293.exe
        5⤵
        
        PID:17096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
        5⤵
        
        PID:16504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
      4⤵
      PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
      4⤵
      PID:11488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37963.exe
      4⤵
      PID:828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30487.exe
      4⤵
      PID:17936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-73.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-73.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25635.exe
      4⤵
      PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
        6⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
        6⤵
        
        PID:17204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59220.exe
        6⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        5⤵
        
        PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        5⤵
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
        5⤵
        
        PID:15508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15508 -s 464
        6⤵
        Program crash
        
        PID:18412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
      4⤵
      PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21579.exe
      4⤵
      PID:10484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
      4⤵
      PID:13840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
      4⤵
      PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
    3⤵
    PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
      4⤵
      PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
      4⤵
      PID:10088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62840.exe
      4⤵
      PID:14200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
      4⤵
      PID:17140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60901.exe
      4⤵
      PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60902.exe
      4⤵
      PID:8496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
    3⤵
    PID:6652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8624.exe
    3⤵
    PID:10188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
    3⤵
    PID:13344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45263.exe
    3⤵
    PID:15184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58179.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        6⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 648
        7⤵
        Program crash
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        7⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1143.exe
        7⤵
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        7⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
        7⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30494.exe
        6⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15460.exe
        6⤵
        
        PID:13020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36539.exe
        6⤵
        
        PID:16300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
        6⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13257.exe
        5⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        7⤵
        
        PID:12376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        6⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55253.exe
        6⤵
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53836.exe
        6⤵
        
        PID:16140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61326.exe
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
        6⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
        5⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        5⤵
        
        PID:13012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        5⤵
        
        PID:15192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49459.exe
        5⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        6⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30148.exe
        7⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        7⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        7⤵
        
        PID:17428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        6⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe
        6⤵
        
        PID:11812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63240.exe
        6⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        6⤵
        
        PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47591.exe
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        6⤵
        
        PID:14684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
        6⤵
        
        PID:18348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30494.exe
        5⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15460.exe
        5⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36539.exe
        5⤵
        
        PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe
      4⤵
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1919.exe
        5⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        6⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        6⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        6⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
        6⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7143.exe
        5⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
        5⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50469.exe
        5⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe
        5⤵
        
        PID:18204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-886.exe
      4⤵
      PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
        5⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
        5⤵
        
        PID:396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
      4⤵
      PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
      4⤵
      PID:13068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36302.exe
      4⤵
      PID:14388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49459.exe
        5⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62712.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50748.exe
        7⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        7⤵
        
        PID:456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51253.exe
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe
        6⤵
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63240.exe
        6⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
        6⤵
        
        PID:17864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47591.exe
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15021.exe
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        6⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12156 -s 180
        7⤵
        Program crash
        
        PID:14028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        6⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        5⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15460.exe
        5⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52492.exe
        5⤵
        
        PID:16220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12873.exe
      4⤵
      PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64467.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        6⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        6⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        6⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        5⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
        5⤵
        
        PID:12176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        5⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
        5⤵
        
        PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe
      4⤵
      PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65374.exe
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        5⤵
        
        PID:11756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
        5⤵
        
        PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
      4⤵
      PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
      4⤵
      PID:13100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
      4⤵
      PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
      4⤵
      PID:8736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
      4⤵
      PID:3992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 632
        5⤵
        Program crash
        
        PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30678.exe
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        5⤵
        
        PID:12836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        5⤵
        
        PID:16052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
        5⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30188.exe
        5⤵
        
        PID:8740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14651.exe
      4⤵
      PID:8960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
      4⤵
      PID:13092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52492.exe
      4⤵
      PID:16192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
    3⤵
    PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42769.exe
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        5⤵
        
        PID:15972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        5⤵
        
        PID:18172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6676.exe
      4⤵
      PID:8976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44380.exe
      4⤵
      PID:12052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
      4⤵
      PID:16368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe
      4⤵
      PID:5272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe
    3⤵
    PID:6464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
      4⤵
      PID:7212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
      4⤵
      PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
      4⤵
      PID:15040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37733.exe
      4⤵
      PID:17880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1652.exe
    3⤵
    PID:8832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
    3⤵
    PID:12036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18966.exe
    3⤵
    PID:16104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44252.exe
    3⤵
    PID:3524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11474.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        5⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe
        6⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        6⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10475.exe
        6⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59750.exe
        6⤵
        
        PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43454.exe
        6⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46597.exe
        6⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18183.exe
        6⤵
        
        PID:16312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26683.exe
        6⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
        5⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55253.exe
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5211.exe
        5⤵
        
        PID:15236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        5⤵
        
        PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
      4⤵
      PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10466.exe
        5⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48462.exe
        6⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        6⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        6⤵
        
        PID:13396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        6⤵
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe
        6⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19063.exe
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        5⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
        5⤵
        
        PID:14996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14996 -s 440
        6⤵
        Program crash
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        5⤵
        
        PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
      4⤵
      PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
      4⤵
      PID:8392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50236.exe
      4⤵
      PID:13772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
      4⤵
      PID:16660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
      4⤵
      PID:3460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
      4⤵
      PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        6⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        6⤵
        
        PID:18124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        5⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        5⤵
        
        PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe
      4⤵
      PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
      4⤵
      PID:10856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
      4⤵
      PID:14048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe
      4⤵
      PID:16612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16309.exe
      4⤵
      PID:6564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe
    3⤵
    PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51253.exe
      4⤵
      PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
      4⤵
      PID:11184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
      4⤵
      PID:14936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
      4⤵
      PID:17716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45002.exe
    3⤵
    PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
      4⤵
      PID:14424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
      4⤵
      PID:17540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
    3⤵
    PID:9452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49268.exe
    3⤵
    PID:13716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
    3⤵
    PID:16604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14228.exe
    3⤵
    PID:4604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
      4⤵
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32702.exe
        5⤵
        
        PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1143.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
        5⤵
        
        PID:16072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
      4⤵
      PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
      4⤵
      PID:11692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
      4⤵
      PID:15536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20036.exe
      4⤵
      PID:18360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60902.exe
      4⤵
      PID:8624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51130.exe
    3⤵
    PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46789.exe
      4⤵
      PID:12028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42767.exe
      4⤵
      PID:16144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
      4⤵
      PID:1944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
    3⤵
    PID:7392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
    3⤵
    PID:11440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37963.exe
    3⤵
    PID:4784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30487.exe
    3⤵
    PID:17896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40601.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40601.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
    3⤵
    PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59667.exe
      4⤵
      PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31550.exe
        5⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        5⤵
        
        PID:11900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        5⤵
        
        PID:14244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        5⤵
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
        5⤵
        
        PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
      4⤵
      PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
      4⤵
      PID:12420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62584.exe
      4⤵
      PID:1896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
    3⤵
    PID:6784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
    3⤵
    PID:9264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
    3⤵
    PID:13788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22891.exe
    3⤵
    PID:16640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51285.exe
    3⤵
    PID:5828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe
    3⤵
    PID:6552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62787.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62787.exe
  2⤵
  PID:5908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
    3⤵
    PID:6080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
    3⤵
    PID:10612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
    3⤵
    PID:15012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
    3⤵
    PID:17588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36195.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36195.exe
  2⤵
  PID:2288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
  2⤵
  PID:11536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
  2⤵
  PID:15424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
  2⤵
  PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2716 -ip 2716
1⤵
PID:2660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3992 -ip 3992
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 11964 -ip 11964
1⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 12156 -ip 12156
1⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 12436 -ip 12436
1⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 11572 -ip 11572
1⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 10292 -ip 10292
1⤵
PID:13484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6064 -ip 6064
1⤵
PID:13620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 11372 -ip 11372
1⤵
PID:13628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 11900 -ip 11900
1⤵
PID:13932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 12064 -ip 12064
1⤵
PID:14036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 12008 -ip 12008
1⤵
PID:14044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 12132 -ip 12132
1⤵
PID:14084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 12148 -ip 12148
1⤵
PID:14096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 11452 -ip 11452
1⤵
PID:14212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 11996 -ip 11996
1⤵
PID:14220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 15508 -ip 15508
1⤵
PID:17772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 14996 -ip 14996
1⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4988 -ip 4988
1⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 15992 -ip 15992
1⤵
PID:18252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2200 -ip 2200
1⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3016 -ip 3016
1⤵
PID:5728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe

Filesize
184KB

MD5
aca5e20bf157a15967bf6a4927f1c9d9

SHA1
98f3f2b14e5e9d4cb3b5521077227fb8ef9c3582

SHA256
373d35dcc59f55bab9bf682a953713c8107de4a0c97adf18458d203cfa407dec

SHA512
19c1c749dfdd14602aa7d072009967a563358e9ff7eec4e2d4be1389ffbcd4c7e1696dd4c81716f956ee8b1ed7d0656f2e88c15a0d1b743851601f0fea323220

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11474.exe

Filesize
184KB

MD5
727eef30dfbd1326a8fb7ef044ea03f6

SHA1
54f022d1a72f662c7cb754b53a6a4b0eda89fd06

SHA256
6ee73ce99bbd4007e36037991f2aca126293c887b69137440123c59e0931e743

SHA512
024fa0a98959b2edc578b5458b0e5d8337818f514450a71fdeee96d22458fc34b4c8e73f5956fc7068b57f1ac4338c68ed0eea59c4f45be0f591e90fbd22cf27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe

Filesize
184KB

MD5
29afd48c3744b416ea827adf9279f7a0

SHA1
eba2f71d90448a19df8938d522a263d2580b342f

SHA256
e90291ef7139529591223cb3936aa04c32754aac8c38fc3d7da23e1ca3725829

SHA512
579ab312cf156f205eb7ed32b65d0df327cf876051cc45a5504ad6e99105c496e333738cb036f5a9f44172ca8ab5ad798188c1e4b06a6f22acef3853f999a6a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe

Filesize
184KB

MD5
0784bf5b75f6ec77e3c310ad9ff5109b

SHA1
496888eaee5e17afd6efd8ed8fa2d48255986811

SHA256
2f50b1febc96f7c0cfce6ad491c4eb3899bf2c75604baafed7a08ededdb6ad01

SHA512
73a8dfd188bc65ca214b5c24aa72f448384ba3065d08b932a558bbf9e0e26a9762ad10b91bd1dff93fa29f264efdd011f79a182f98338062786d2ace1dd9179b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe

Filesize
184KB

MD5
c62cff3cca354f087bb9e1d2180fa1df

SHA1
06b62ddd4a5b91b3b4d249c3a8f55106a560e0f2

SHA256
33d989995afb5da97950e67ea3b5e72c15c46ddcc10cc11d6ad66ffd284405c5

SHA512
fea2427a5d0fe7aa958418f62287f6ff5e1cb26ff100a3d57885d6caee59109a2ec6fd1535e9373bd0882daf488c0066673c1a1481f07bbf91e64275b00272f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe

Filesize
184KB

MD5
bb56ea86f4b43f6d867ee37d9a357215

SHA1
e21e78c2874b38f51b8e45073bcb23cf22f5d981

SHA256
62d93a7773b9b5ea2963d303941210fc4fdb59e595d46f25259e467bc7ac3151

SHA512
5c54a4db28e5b7a33560082c703507967e50a4a69a8a03aeb5a32f365ed1bde3dcf29c8f02c1975482bc49ecffb53cad540a590988742fd75c845225f7daab16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe

Filesize
184KB

MD5
e2cac8068500f4ab891dc3b6afa00fa6

SHA1
32959fc57146651aac6f4486556585d2e11e54c1

SHA256
dcdb752d7e1500dda4a4e4e3f088b9dd8f840aff86e2f7b53ef77b7cbc452967

SHA512
bb8bf6ffda37ed130abd87ecf209e632d2a9616381c78e5ab1b7a8792aebf8fcd51d39c8bf6bba4303297267b9f95cde87f39ec1997ffa8bd85c535bd2634768

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21017.exe

Filesize
184KB

MD5
1bc0fca4187d65ab4ac50bea95b78ab3

SHA1
f3d7bed2b36a0404d1b8492ff6f7034ff9be652f

SHA256
da5089b6cb02dab2cdad6220ce861860208618ffb64c592f8960da68d23bbaea

SHA512
dfc18ea662a5a96822159d1cecd373c55984905779741f2776f77940b8efd46cd59ebcf50862c999d0ec477d0646508176d12b87302e572c3702fd98c684c178

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22558.exe

Filesize
184KB

MD5
af9ea122008d3c1f2c2744c4d92823ac

SHA1
43c12ee8be8b5fa27d7a4d6152110e4f9e09eb3f

SHA256
aa743cb8a95497ac933948ebb7fba27ffb72fc8de9397d06b09bcbd3f1748b7b

SHA512
5bca96e119a4c484144d3ba99f257f164ca25f5f8fe76d6391f45220b868d3b96face6411082d86af30f1413adef45fc55dbb576161d993bc1c8e596a3e2457b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe

Filesize
184KB

MD5
0bfeaac0e6083e126d43bfa164cc672e

SHA1
8e7a303defda56bf3996d9a7c227666c170ccde7

SHA256
2cff463da10b43ea25d96f5dbeff28edc254ecad1e68caf047d807f2ae038fd7

SHA512
e23853648d1c17de83954183f70d4f95ea50e4c926abf1c7d9f539c0a43d8165ee217c87955ef4d7c2493c4b99b1151e436f9207be1cfce576668fde335c9581

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe

Filesize
184KB

MD5
6f41691321631ea40d5c5aff6179bb0e

SHA1
edbda9ec2e782e38d0f815a8cecc7a94a4101c13

SHA256
6fe5ae39561ae8836f5d91252d8c9f779f9f2f42ca8c321f83f8df36aa067c1f

SHA512
3748db864cd0b6844e0a0ca9379f5a8b2bb1846d8403d4de9d20f0adaffc83edf24ba6562de47c38aa56a7d6bcee2838c54cbf2af8ad5d7ceca55917e625f52a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24227.exe

Filesize
184KB

MD5
7023ab44cb0fd6d52fd7e71a481703bd

SHA1
81117ec856c5ae9f5c0396707c606bb55594327e

SHA256
f94ff18405e47a6096fda63a10e20046fe7a4122675fa55c7ac7c4c3246c39e4

SHA512
be5f0cc59aa6672beb0086ee97061073967dbfd8bb7f30bc757e521d8194e3566f3d488e013329474a1e045f1a38af2a38551657606e649f582ecf97cff5ea71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe

Filesize
184KB

MD5
a7124c0b43ddf8b01bd9e3a7d76e447d

SHA1
574b463cfc7cc34132eecd19a40af4c89e3a3eaa

SHA256
a93996307c510e0e910579c3b4c9cb55486e4db98d46b8356a34e3242c5d725d

SHA512
0632d451502d3e29431611833a5a51115312736fc34978c306d32a01fc3536849043f0ce755400f660cafd588934a66454953d5a1662736830aa4dc8fd6787c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe

Filesize
184KB

MD5
e4dd45cdcd51e131e0bb6e951feb83a3

SHA1
17607c4c28dfc8b13e2812bac34eef0fc4ca7bca

SHA256
a7dd61021472d02f7a386dc5a5df6dcef82b53acda6d794b22ece6ae7e00e804

SHA512
0cb8a4ee64ad11c2165e83f2870e32c9f1375aa9301dc404415930cbe3e32fc5482f5d215bd57cee06ef090f64c59d445db46895886c858902d1584726ea1698

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36819.exe

Filesize
184KB

MD5
3728d0a8d77b235ee15143928d1129a0

SHA1
c6e67ce36120053dc1014a4c74ebd67d6d21781d

SHA256
23ae293e3653a95702729b4bc1c45dd49e0494ec17ac3ede0e05d38ab7604aed

SHA512
7b2bf9299bbb19073991124c2b4e573a293f8adab909872a06a086b589b1c2cf0794f641c6481e114b8866fc18c51bb3350554045c5b67cac5b3e0ecc47c2e5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36899.exe

Filesize
184KB

MD5
837d7511ff3400e570f4a97d565468fb

SHA1
58c9591a139f253ecc81f10074ffd5e5ade4ea90

SHA256
2e313515035f1731bc0e42f79c5575a089d341579efeaa1dcce8208b3c39e81d

SHA512
54aeb8b531acaf1742cc6b718478e831afd250ccc4126aad3ddc381e9b6a81fa1d917ea73593ba611dc563a1562d98ae2aec5d684e977772eaaab8a3ca0dc8e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe

Filesize
184KB

MD5
2556aa443303c834a1a48009e9946c27

SHA1
488299670f5aa4b2e922ea953126f145caef6dec

SHA256
d1c9599e9028ae7e449ce79f30b6c55c749ad836c75edb05d7b3150c11bcc19a

SHA512
db6677753de46216e1cf61e18056032d75d371741707bcff53b238ff17c58719f6c7a3fde53e9181c6b1666da448e6b690a1ca693de5ff9d27b97b2e922be75f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38209.exe

Filesize
184KB

MD5
6a5527d351f467490887a8d56cea1790

SHA1
b4814099683719f5ca17caa37bc5fd72ea6a543a

SHA256
f489a89cb7be4c896faec8a338c7ccc7b96ac1f77a8fb6d1e3910d35e4234a27

SHA512
a8d692d15ee1a793ca927e35acab4608fab0475ceb0ab6f859bfba28fd3f8a213e674ca7a611669dd2705a5b2d466d5dbb736f946f24c613b1db6d25ae82c80a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe

Filesize
184KB

MD5
7ce6e6a7b5ef3e71244ba492ef303640

SHA1
4924efdef7e65aab99ddf74e64cda8dd6af16ce6

SHA256
c5970a88c7e2b03fb6d1b7d568cd02dd1092f1cfca48d2882eb7215702f26ccf

SHA512
78ddfdbf4125300e610c13a137efb305056b28e9bc8179319b3430c49d69ff3f2aeda32ac403eb8324c53a5dfc5945774c031d54a2c3c2c81b4516ad00fd99e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39331.exe

Filesize
184KB

MD5
0cfd67f4c23908e9ce99a55ae485b073

SHA1
f4a908295b60dd8c70add165baf40e2a241587b4

SHA256
c6e1a260aed00fc94a44bc9271041e3db21a2fea8fcb5f01acf280b8cb7a10df

SHA512
20910127e1ba8a07a187a4f926373695618030fcdb91c6fd99ba1a8c1dc1cd41c1b378b9a323cfeadcb6df63d48bb12f0bd576f40cfb6e3bc50ea38cdafb7b17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe

Filesize
184KB

MD5
2b8c9f6552384bf4b78ac05aa01cb87f

SHA1
200539700d77f1192ad1445ce1738f75d0adcae7

SHA256
11e242374337f234db04131ea1a25f49e65d85889e90f4471c0005a42c6bc33c

SHA512
2f30e353d7c87f204ec8700d2f10ae3ee82611a859fade2f895c5f4591e00bcb6dfa70cec3e4da2a863f9cc9751892b23990d234751079c0381809101b4ea206

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe

Filesize
184KB

MD5
a3155aee62f733eaede349858485d6b1

SHA1
4e39287d489334ed1ddb8b077ba5599714399713

SHA256
3de0e5d772b876a08feee1d6737756f2f3623bf41be39155bf3e219263008d5f

SHA512
ba59d0b548c70825b958fdfd947c019de9e91adb0d3386df11d41e961be7b56add55e64ba82d220c210fa28caa6ec4357db4526019620cd985e21e78a5f5d984

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49459.exe

Filesize
184KB

MD5
25a166dfd13802bc5b840b39410926ea

SHA1
b0259939d2d39d15d8198df3d9ea45a308ff2f87

SHA256
626561f9e8d748c5d2267adb16eaf7bfabd8e4ef54e557c032cd3bc1e88d7cc5

SHA512
be9e1e43a01628bd9952dd29dec218148fff0d3eabbc0aa0b36fd9f45d0a13949f58cfd9f9ab41e9734c41caaba91c9948a23fafdf36b78a46113c6eff41313b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52906.exe

Filesize
184KB

MD5
2d8926d972bc72c4e808dc86a816c16c

SHA1
5c4d20dc9b62e331855843f7a1e42273453ceb32

SHA256
14fb0ac31464622c9d7268574cf7673fba788058015f75d18bc974e61ee4a0cd

SHA512
2fd051a5fea94dc6125d1b4eb757879b0e405fcf6ca8ecf7498e734f605f340e6add85bbfb5f04ed6c23de3fd1422d826da8a2c2acde77762690426db5e7ae47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53207.exe

Filesize
184KB

MD5
fec84b2fe73f2ff4a8ed1b033cfa9d9c

SHA1
46ea92f62f5f45aea1ecbd0b3a3fb584ba2d22d5

SHA256
eda3223fa94d67b166aa9aa488ef69e63d4c79ac579e0a0713a4fce4c8319025

SHA512
b204e3fdee589cfc11c5d2a1d36647105e3270cde46be8ab9f528c672dfecb4892addc0e8f5a15d8011a47ff14ae973d8994a808fd23f2da1ab637919b2cdcb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe

Filesize
184KB

MD5
3541cc780eab0e44d245e0e161817412

SHA1
662994d64ecf6b05101ac4949223bf2bee45c4ef

SHA256
e946890f9f90c38f5f1b8da2b55a32ecb6904d41cf261d92bde0f3f56b5bdd90

SHA512
63202335ba41ef688be5272699e971614eca14f7e6e150c31f651b860aa9f41f0c014f9fec51d002e021ef99b497a0c69d8063be42c26b02962031de70c0dfd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58179.exe

Filesize
184KB

MD5
d49c9b966ca69e2e53c9c66233dfcc8b

SHA1
849e754fe4c0fd58c348fd6a72dc0d24a4e264e2

SHA256
ad68c28ca569ea64d29f84f67f908266111163af550856bc6cd99f6dd7e2358f

SHA512
5ce40c5e4849d4dfa6e4f7ec645db01723e41cec13787f37169ab909d3f6d203570fbb197284adf66aef240d826b932ac9a80857ea4b4612f04b7927e92f82d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58215.exe

Filesize
184KB

MD5
4098aacaab6eacf5d335d7f126f3dcad

SHA1
0d79e425ddf94973e461ceba3cd941c5d15d481c

SHA256
fc596c3ee6051fcc45f9fbe57252a3c1602ce6817ba8a6d55e3050015e27d419

SHA512
64bec4b5d938b93b86f1e200234ad481c80ec4f13361f55fe3541ded89db299689419d12654b06892c7b07e58b1be396f93e7f598d69577d9146eced1ecfc0f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe

Filesize
184KB

MD5
8ced38810e2111604abf1355bd49b515

SHA1
9f2f3c283a7bd63a3ccf371708ea7b12feeefe95

SHA256
1cca52bcad10c84c05372f006916c81b8b151c9b7dc7b28937c78d2226f47399

SHA512
0744d826019d1861f7da2aca405f5a0f096f92f596f899a4664371d42a9a153b18c62c878a00cf80124849ea0c7046f31892b980dbd35301f1b28f4020aa849f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60483.exe

Filesize
184KB

MD5
507b8f15cb667beecd6a713427f75a35

SHA1
c4006dc98d2adcd06848632b70f2d8e13c4c2eb6

SHA256
85da6d11637798c8e52f79fb761bc089717efede2974be86bf89d126137bdc38

SHA512
c5189a3e8ace42ef2d16bd4044e3b0f80a4ca6f8fb6ed75d52679bbbec99165cc79180bef48f85700604fbe08869947ad7c94eb467592193c1d36ca3bebb7eed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe

Filesize
184KB

MD5
bc80ef9b213d8d1bc3484afc0c961334

SHA1
692d565a7fb43bd61f548b91e98ef2ff8c62bfb7

SHA256
af760fcb13b8a3c6f341a3c55bcaf1c812d191985afaa720d41e2fcf376a08bd

SHA512
f6d9b171f65bf15f5f979c3f8427ef1adf41730ff890f56bead46bb3494592329149dc60d0b4b0ff896391c1afaf41b26c738991cb2785577a68de9b935ea31f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe

Filesize
184KB

MD5
91e118a0bc4c69c96623b4d58d73666c

SHA1
980b9e6947adf6142967e957b294009ac3408a03

SHA256
94195950b6cd6c93fa961b8d21ccaaf10bd91c9c090611326c68bcd46a97fec0

SHA512
4eda7ded8a864d9f05d86cb8f2bad00ecdf999f519bee8658112e3235af6ac7672d4089f43e60cfb6fdfa14c75500df9a8301c820e6cfd377424b48e3e0db70f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe

Filesize
184KB

MD5
f5e146dd8755e44313467a0c42394bac

SHA1
07931dd2e12d90fd835c2353f57dadc98d16b35b

SHA256
78b431e0519943d9a0db5887af0dfe3467300cd465d1d729ed2ebcc48f849216

SHA512
d1cc983ed880cf803b2fe6c3ac813b1936261922d44adbea3aaea1db1e561634d45f6140fc8db91373a838bd4553f33088bf148166eafff3e30e40178c2b7f92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe

Filesize
184KB

MD5
d2b7cdaf143e0b136716bb52c5d463a3

SHA1
2cb964ada6cfa0a048d33ecbb077cf3b68dc1086

SHA256
933a02dcf3213293b55dcad8bdf31972e905c8f20e7b450d3a16646ff6d410c8

SHA512
e3ff573a35b80ddda8c4ffac075590e22f569177c0f3db02bbc89bd92099aa9aa6865f482209ec3c42896d3968ddaebb5ed3b2145ee2fc5ccf4feb6aaf18cefd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7935.exe

Filesize
184KB

MD5
14307366146ba87d8a972df0ed65314f

SHA1
402e294104b71a57ef3151acad97f4777739ca8a

SHA256
7d0f206353258d1d05c4136d87e4e5aae964e9f4d300bcc8d36b0f25e81b32dc

SHA512
d7fb63c085b3311fa2e5058126257ed6b8103adc6baafbe5f9a82c36220eef4a1a70455d402f7f008621b834c6cd6713053c5787befc832a84dbbed3fb0b8705

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8210.exe

Filesize
184KB

MD5
303078d2753ecdd4713ed7a2221c6fc3

SHA1
6b27331749009fc45ae43f8580e0cce1f1170b5f

SHA256
9be38ad0cc0ddf40e87bc8555db7b00e62c5cc962f68fc0ae0c10d9af3a314ea

SHA512
6d457e8b6490aad3f25f621a6f79e851d38e95a4dcef915b28dca6f4f2189e81d3da01e2f13eb1630c48735769e9f4f29a0a13d6c0fd7a1e8357d1993e7593c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe

Filesize
184KB

MD5
8b384d197f18de7b9c62b642aa3d954a

SHA1
97f4ed7bb9afe4b755813c80fb195c9f37507894

SHA256
a32abcd39853d8e414af1cea298ac4eb41098c2d2a3c6afec60d318360f4477a

SHA512
d57b6cd6e124ba9ae8ae7bf12763e7373c20d660cf67742085c7b548938ccae509e745153307216a2d86f87756c086754d745aaa3a3ce723d22c8988b6bf00c4

Download Submit
memory/5040-3678-0x0000000074F90000-0x0000000074F9F000-memory.dmp

Filesize
60KB

Download
memory/16472-3589-0x00007FFE79CF0000-0x00007FFE79EE5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads