3f65a19f4172fe359c4e27ebf5cc7bbfc1b3e3afb7ecc9e3c6741dfb52be5724

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e616c1d570873eae356112836947e20_NeikiAnalytics.exe
Size

468KB
MD5

1e616c1d570873eae356112836947e20
SHA1

87b393b401f2522b733f883f8e81beb4d0f560b5
SHA256

3f65a19f4172fe359c4e27ebf5cc7bbfc1b3e3afb7ecc9e3c6741dfb52be5724
SHA512

00258bdb569046510d7faaf19d4e25dfbb00893efac51b104d49e29881c79c816edfad3d5a42699df18697fef5d31b85a535a376f6659e4ffc72403492948e92
SSDEEP

3072:tbACogIdh05YtbYJPzcjff8/ZChXPaplnmHCxEh94DxUcR7u3Lhh:tb1o58YtOP4jffxSfO4DOM7u3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
528	Unicorn-57106.exe
1600	Unicorn-64444.exe
880	Unicorn-5492.exe
1976	Unicorn-36816.exe
3404	Unicorn-12866.exe
3860	Unicorn-32732.exe
3108	Unicorn-53052.exe
3880	Unicorn-50796.exe
3948	Unicorn-46712.exe
4084	Unicorn-46712.exe
1308	Unicorn-22762.exe
4388	Unicorn-42628.exe
4356	Unicorn-1687.exe
4180	Unicorn-3468.exe
852	Unicorn-49405.exe
1592	Unicorn-609.exe
4960	Unicorn-46281.exe
4780	Unicorn-18892.exe
1456	Unicorn-41185.exe
1968	Unicorn-64584.exe
3796	Unicorn-15475.exe
1664	Unicorn-1740.exe
3088	Unicorn-21606.exe
2068	Unicorn-52332.exe
4196	Unicorn-24298.exe
4816	Unicorn-28382.exe
936	Unicorn-42118.exe
2228	Unicorn-423.exe
3668	Unicorn-3899.exe
4012	Unicorn-3899.exe
3488	Unicorn-24219.exe
4520	Unicorn-10484.exe
3952	Unicorn-64309.exe
4552	Unicorn-49364.exe
2148	Unicorn-56141.exe
4120	Unicorn-21330.exe
4872	Unicorn-39804.exe
4108	Unicorn-59670.exe
2852	Unicorn-14361.exe
3836	Unicorn-1844.exe
3376	Unicorn-32836.exe
4884	Unicorn-19821.exe
3400	Unicorn-44988.exe
1984	Unicorn-42950.exe
3464	Unicorn-40042.exe
4112	Unicorn-61424.exe
2980	Unicorn-23106.exe
1208	Unicorn-49748.exe
4524	Unicorn-41580.exe
3644	Unicorn-52441.exe
4384	Unicorn-8807.exe
2360	Unicorn-2685.exe
4636	Unicorn-41580.exe
60	Unicorn-19113.exe
4088	Unicorn-24979.exe
1604	Unicorn-5378.exe
1356	Unicorn-8907.exe
4972	Unicorn-8907.exe
1452	Unicorn-739.exe
5084	Unicorn-739.exe
2052	Unicorn-11600.exe
708	Unicorn-46411.exe
2612	Unicorn-27117.exe
3052	Unicorn-21251.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
8048	5460	WerFault.exe	211
17232	14744	WerFault.exe	708
17180	15488	WerFault.exe	749
17136	13936	WerFault.exe	735
17188	14736	WerFault.exe	709
11456	14044	Process not Found	1180

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3936	dwm.exe
Token: SeChangeNotifyPrivilege	3936	dwm.exe
Token: 33	3936	dwm.exe
Token: SeIncBasePriorityPrivilege	3936	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2736	1e616c1d570873eae356112836947e20_NeikiAnalytics.exe
528	Unicorn-57106.exe
1600	Unicorn-64444.exe
880	Unicorn-5492.exe
3404	Unicorn-12866.exe
1976	Unicorn-36816.exe
3860	Unicorn-32732.exe
3108	Unicorn-53052.exe
3880	Unicorn-50796.exe
4356	Unicorn-1687.exe
4084	Unicorn-46712.exe
3948	Unicorn-46712.exe
4388	Unicorn-42628.exe
852	Unicorn-49405.exe
4180	Unicorn-3468.exe
4960	Unicorn-46281.exe
1592	Unicorn-609.exe
4780	Unicorn-18892.exe
1456	Unicorn-41185.exe
1664	Unicorn-1740.exe
3796	Unicorn-15475.exe
3088	Unicorn-21606.exe
4816	Unicorn-28382.exe
2068	Unicorn-52332.exe
1968	Unicorn-64584.exe
4196	Unicorn-24298.exe
2228	Unicorn-423.exe
936	Unicorn-42118.exe
4012	Unicorn-3899.exe
3668	Unicorn-3899.exe
3488	Unicorn-24219.exe
4520	Unicorn-10484.exe
3952	Unicorn-64309.exe
4552	Unicorn-49364.exe
2148	Unicorn-56141.exe
4120	Unicorn-21330.exe
4872	Unicorn-39804.exe
4108	Unicorn-59670.exe
2852	Unicorn-14361.exe
3376	Unicorn-32836.exe
3836	Unicorn-1844.exe
1984	Unicorn-42950.exe
3464	Unicorn-40042.exe
4884	Unicorn-19821.exe
3400	Unicorn-44988.exe
1208	Unicorn-49748.exe
2980	Unicorn-23106.exe
4112	Unicorn-61424.exe
4524	Unicorn-41580.exe
4688	Unicorn-44273.exe
4384	Unicorn-8807.exe
4636	Unicorn-41580.exe
60	Unicorn-19113.exe
3644	Unicorn-52441.exe
2360	Unicorn-2685.exe
4088	Unicorn-24979.exe
1604	Unicorn-5378.exe
4972	Unicorn-8907.exe
1356	Unicorn-8907.exe
1452	Unicorn-739.exe
3052	Unicorn-21251.exe
2612	Unicorn-27117.exe
5084	Unicorn-739.exe
708	Unicorn-46411.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 528	2736	1e616c1d570873eae356112836947e20_NeikiAnalytics.exe	90
PID 2736 wrote to memory of 528	2736	1e616c1d570873eae356112836947e20_NeikiAnalytics.exe	90
PID 2736 wrote to memory of 528	2736	1e616c1d570873eae356112836947e20_NeikiAnalytics.exe	90
PID 528 wrote to memory of 1600	528	Unicorn-57106.exe	95
PID 528 wrote to memory of 1600	528	Unicorn-57106.exe	95
PID 528 wrote to memory of 1600	528	Unicorn-57106.exe	95
PID 2736 wrote to memory of 880	2736	1e616c1d570873eae356112836947e20_NeikiAnalytics.exe	96
PID 2736 wrote to memory of 880	2736	1e616c1d570873eae356112836947e20_NeikiAnalytics.exe	96
PID 2736 wrote to memory of 880	2736	1e616c1d570873eae356112836947e20_NeikiAnalytics.exe	96
PID 1600 wrote to memory of 1976	1600	Unicorn-64444.exe	98
PID 1600 wrote to memory of 1976	1600	Unicorn-64444.exe	98
PID 1600 wrote to memory of 1976	1600	Unicorn-64444.exe	98
PID 528 wrote to memory of 3404	528	Unicorn-57106.exe	99
PID 528 wrote to memory of 3404	528	Unicorn-57106.exe	99
PID 528 wrote to memory of 3404	528	Unicorn-57106.exe	99
PID 880 wrote to memory of 3860	880	Unicorn-5492.exe	100
PID 880 wrote to memory of 3860	880	Unicorn-5492.exe	100
PID 880 wrote to memory of 3860	880	Unicorn-5492.exe	100
PID 2736 wrote to memory of 3108	2736	1e616c1d570873eae356112836947e20_NeikiAnalytics.exe	101
PID 2736 wrote to memory of 3108	2736	1e616c1d570873eae356112836947e20_NeikiAnalytics.exe	101
PID 2736 wrote to memory of 3108	2736	1e616c1d570873eae356112836947e20_NeikiAnalytics.exe	101
PID 1976 wrote to memory of 3880	1976	Unicorn-36816.exe	104
PID 1976 wrote to memory of 3880	1976	Unicorn-36816.exe	104
PID 1976 wrote to memory of 3880	1976	Unicorn-36816.exe	104
PID 3860 wrote to memory of 3948	3860	Unicorn-32732.exe	106
PID 3860 wrote to memory of 3948	3860	Unicorn-32732.exe	106
PID 3860 wrote to memory of 3948	3860	Unicorn-32732.exe	106
PID 3404 wrote to memory of 4084	3404	Unicorn-12866.exe	105
PID 3404 wrote to memory of 4084	3404	Unicorn-12866.exe	105
PID 3404 wrote to memory of 4084	3404	Unicorn-12866.exe	105
PID 1600 wrote to memory of 1308	1600	Unicorn-64444.exe	107
PID 1600 wrote to memory of 1308	1600	Unicorn-64444.exe	107
PID 1600 wrote to memory of 1308	1600	Unicorn-64444.exe	107
PID 3108 wrote to memory of 4388	3108	Unicorn-53052.exe	108
PID 3108 wrote to memory of 4388	3108	Unicorn-53052.exe	108
PID 3108 wrote to memory of 4388	3108	Unicorn-53052.exe	108
PID 528 wrote to memory of 4356	528	Unicorn-57106.exe	109
PID 528 wrote to memory of 4356	528	Unicorn-57106.exe	109
PID 528 wrote to memory of 4356	528	Unicorn-57106.exe	109
PID 2736 wrote to memory of 4180	2736	1e616c1d570873eae356112836947e20_NeikiAnalytics.exe	110
PID 2736 wrote to memory of 4180	2736	1e616c1d570873eae356112836947e20_NeikiAnalytics.exe	110
PID 2736 wrote to memory of 4180	2736	1e616c1d570873eae356112836947e20_NeikiAnalytics.exe	110
PID 880 wrote to memory of 852	880	Unicorn-5492.exe	111
PID 880 wrote to memory of 852	880	Unicorn-5492.exe	111
PID 880 wrote to memory of 852	880	Unicorn-5492.exe	111
PID 3880 wrote to memory of 1592	3880	Unicorn-50796.exe	112
PID 3880 wrote to memory of 1592	3880	Unicorn-50796.exe	112
PID 3880 wrote to memory of 1592	3880	Unicorn-50796.exe	112
PID 1976 wrote to memory of 4960	1976	Unicorn-36816.exe	113
PID 1976 wrote to memory of 4960	1976	Unicorn-36816.exe	113
PID 1976 wrote to memory of 4960	1976	Unicorn-36816.exe	113
PID 4356 wrote to memory of 4780	4356	Unicorn-1687.exe	114
PID 4356 wrote to memory of 4780	4356	Unicorn-1687.exe	114
PID 4356 wrote to memory of 4780	4356	Unicorn-1687.exe	114
PID 528 wrote to memory of 1456	528	Unicorn-57106.exe	115
PID 528 wrote to memory of 1456	528	Unicorn-57106.exe	115
PID 528 wrote to memory of 1456	528	Unicorn-57106.exe	115
PID 4084 wrote to memory of 1968	4084	Unicorn-46712.exe	116
PID 4084 wrote to memory of 1968	4084	Unicorn-46712.exe	116
PID 4084 wrote to memory of 1968	4084	Unicorn-46712.exe	116
PID 880 wrote to memory of 3796	880	Unicorn-5492.exe	117
PID 880 wrote to memory of 3796	880	Unicorn-5492.exe	117
PID 880 wrote to memory of 3796	880	Unicorn-5492.exe	117
PID 4180 wrote to memory of 3088	4180	Unicorn-3468.exe	119

C:\Users\Admin\AppData\Local\Temp\1e616c1d570873eae356112836947e20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1e616c1d570873eae356112836947e20_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36816.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3899.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
        9⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
        10⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        11⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe
        11⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48193.exe
        11⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        10⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59220.exe
        10⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        10⤵
        
        PID:18456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-282.exe
        9⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        10⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
        10⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
        10⤵
        
        PID:19288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10038.exe
        9⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        9⤵
        
        PID:16576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
        9⤵
        
        PID:17432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58445.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22286.exe
        9⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        10⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38686.exe
        10⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        10⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
        9⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
        9⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
        8⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        9⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        10⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
        10⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe
        9⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54579.exe
        8⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11600.exe
        7⤵
        Executes dropped EXE
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9073.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        9⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8754.exe
        9⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        9⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
        8⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2070.exe
        8⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13763.exe
        8⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57982.exe
        7⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        8⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11084.exe
        8⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        8⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        7⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        7⤵
        
        PID:15368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34330.exe
        7⤵
        
        PID:19304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-739.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        8⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        9⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        10⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        10⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        10⤵
        
        PID:17656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23706.exe
        10⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        9⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8047.exe
        9⤵
        
        PID:16516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe
        9⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
        8⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        8⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50469.exe
        7⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        8⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        9⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        9⤵
        
        PID:16408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9298.exe
        9⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62773.exe
        8⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24383.exe
        8⤵
        
        PID:16812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
        8⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
        7⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
        8⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1271.exe
        8⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50085.exe
        7⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14173.exe
        7⤵
        
        PID:18840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
        7⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 720
        8⤵
        Program crash
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35092.exe
        7⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        8⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        8⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19247.exe
        8⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48714.exe
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
        7⤵
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29440.exe
        7⤵
        
        PID:17800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12363.exe
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        8⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54918.exe
        8⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        8⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54918.exe
        7⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        7⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4585.exe
        6⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        7⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        7⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        7⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60681.exe
        6⤵
        
        PID:11224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5777.exe
        6⤵
        
        PID:16552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
        6⤵
        
        PID:17952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3899.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20942.exe
        8⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        9⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        10⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        10⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56580.exe
        10⤵
        
        PID:18224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        9⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        9⤵
        
        PID:14948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        8⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe
        9⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59796.exe
        9⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe
        9⤵
        
        PID:17868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2637.exe
        8⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63139.exe
        8⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        8⤵
        
        PID:18444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27718.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12171.exe
        8⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        9⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        9⤵
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        9⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        8⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
        8⤵
        
        PID:17476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46542.exe
        7⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33436.exe
        7⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe
        7⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46411.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
        8⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        9⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        9⤵
        
        PID:16232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
        9⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        8⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8047.exe
        8⤵
        
        PID:16032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
        8⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31522.exe
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
        8⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        8⤵
        
        PID:16560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
        7⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21385.exe
        7⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        7⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        7⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
        6⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
        7⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40186.exe
        7⤵
        
        PID:18480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39892.exe
        6⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        6⤵
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        6⤵
        
        PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24219.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-739.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        7⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        8⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        8⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
        8⤵
        
        PID:17940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19741.exe
        7⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        7⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        7⤵
        
        PID:18324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        7⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19557.exe
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        7⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe
        6⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        6⤵
        
        PID:14292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        6⤵
        
        PID:18308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        7⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50542.exe
        8⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52631.exe
        8⤵
        
        PID:18468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe
        7⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19988.exe
        7⤵
        
        PID:18244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
        6⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42692.exe
        6⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
        6⤵
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        6⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
        7⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        7⤵
        
        PID:18492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7384.exe
        6⤵
        
        PID:12336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        6⤵
        
        PID:17496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
        5⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40422.exe
        5⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        5⤵
        
        PID:19276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22762.exe
      4⤵
      Executes dropped EXE
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61014.exe
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        8⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        9⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        10⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        10⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        9⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        9⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25082.exe
        8⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        8⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13763.exe
        8⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14288.exe
        7⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6245.exe
        8⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        8⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        8⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
        7⤵
        
        PID:14624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6306.exe
        7⤵
        
        PID:17520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29807.exe
        7⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        7⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        8⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        8⤵
        
        PID:16040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
        8⤵
        
        PID:17852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
        7⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        7⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe
        7⤵
        
        PID:17960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4890.exe
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38700.exe
        7⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        7⤵
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        7⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
        6⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54249.exe
        6⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25342.exe
        6⤵
        
        PID:18440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1507.exe
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
        7⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        8⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13388.exe
        8⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        8⤵
        
        PID:15928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        7⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
        7⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64562.exe
        6⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        7⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
        7⤵
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
        7⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22635.exe
        6⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55460.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        7⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
        7⤵
        
        PID:18452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9514.exe
        6⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        6⤵
        
        PID:14756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56196.exe
        6⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3738.exe
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40030.exe
        6⤵
        
        PID:15228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        6⤵
        
        PID:18828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
        5⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37257.exe
        5⤵
        
        PID:8912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2685.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12150.exe
        6⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        7⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        7⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16563.exe
        7⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        6⤵
        
        PID:13564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
        6⤵
        
        PID:18948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        6⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        6⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
        6⤵
        
        PID:18380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39892.exe
        5⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62765.exe
        5⤵
        
        PID:9660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30864.exe
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
        6⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51720.exe
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63933.exe
        7⤵
        
        PID:16872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        7⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
        6⤵
        
        PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16810.exe
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe
        6⤵
        
        PID:13892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        6⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21111.exe
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
        5⤵
        
        PID:14696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        5⤵
        
        PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13573.exe
      4⤵
      PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        5⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        6⤵
        
        PID:10808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        6⤵
        
        PID:15976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
        6⤵
        
        PID:18984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        5⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
        5⤵
        
        PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
      4⤵
      PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        5⤵
        
        PID:16020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
        5⤵
        
        PID:8100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
      4⤵
      PID:11184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
      4⤵
      PID:15508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35284.exe
      4⤵
      PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10455.exe
      4⤵
      PID:12080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46712.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12389.exe
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        8⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        9⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        9⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        9⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        8⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        8⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        8⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        7⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        8⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        8⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29430.exe
        8⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
        7⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        7⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18558.exe
        7⤵
        
        PID:17860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6141.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        8⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        8⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62991.exe
        7⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
        7⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53565.exe
        7⤵
        
        PID:18760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe
        6⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31300.exe
        7⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        7⤵
        
        PID:17280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        7⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        6⤵
        
        PID:12516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31149.exe
        6⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
        6⤵
        
        PID:11876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
        7⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45114.exe
        8⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        8⤵
        
        PID:16424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        8⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41256.exe
        8⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
        7⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
        7⤵
        
        PID:13388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22533.exe
        7⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe
        6⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        7⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        7⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        7⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54360.exe
        6⤵
        
        PID:11072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe
        6⤵
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14308.exe
        6⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
        6⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        7⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        7⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        7⤵
        
        PID:18920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22342.exe
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        6⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        6⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe
        5⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        6⤵
        
        PID:16224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22839.exe
        6⤵
        
        PID:18800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30947.exe
        5⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
        5⤵
        
        PID:15456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37257.exe
        5⤵
        
        PID:8848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1740.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20174.exe
        6⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39608.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        8⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24092.exe
        9⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19491.exe
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11085.exe
        8⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10383.exe
        8⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21583.exe
        7⤵
        
        PID:16764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
        7⤵
        
        PID:18908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
        6⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        7⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        7⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        7⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51838.exe
        6⤵
        
        PID:9800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
        6⤵
        
        PID:14744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14744 -s 464
        7⤵
        Program crash
        
        PID:17232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        6⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34926.exe
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13541.exe
        6⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
        7⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
        8⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57016.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        7⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        7⤵
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        6⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        6⤵
        
        PID:15932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12419.exe
        6⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
        5⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        6⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        6⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19247.exe
        6⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        5⤵
        
        PID:16292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        5⤵
        
        PID:18972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44988.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        6⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
        7⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        8⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53316.exe
        8⤵
        
        PID:17484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        7⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53839.exe
        7⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        6⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62886.exe
        6⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31116.exe
        6⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        5⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        6⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe
        6⤵
        
        PID:13064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        6⤵
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
        5⤵
        
        PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13746.exe
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        5⤵
        
        PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
        5⤵
        
        PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46935.exe
      4⤵
      PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38700.exe
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        6⤵
        
        PID:16484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        6⤵
        
        PID:18348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
        6⤵
        
        PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        5⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        5⤵
        
        PID:14780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        5⤵
        
        PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21715.exe
      4⤵
      PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        5⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        5⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        5⤵
        
        PID:8148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35024.exe
      4⤵
      PID:11064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41190.exe
      4⤵
      PID:15488
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15488 -s 444
        5⤵
        Program crash
        
        PID:17180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        6⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1533.exe
        9⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9298.exe
        9⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11084.exe
        8⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
        8⤵
        
        PID:16580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        7⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36086.exe
        7⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
        7⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46385.exe
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        8⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
        8⤵
        
        PID:15660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7078.exe
        8⤵
        
        PID:18996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        7⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8047.exe
        7⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22429.exe
        7⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36898.exe
        6⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        7⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9298.exe
        7⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4776.exe
        6⤵
        
        PID:12060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe
        6⤵
        
        PID:13932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        5⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        7⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53565.exe
        7⤵
        
        PID:18712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        6⤵
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        6⤵
        
        PID:16432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30995.exe
        6⤵
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        6⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        6⤵
        
        PID:18820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29307.exe
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54666.exe
        5⤵
        
        PID:14404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
        5⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45830.exe
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
        7⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38290.exe
        8⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        8⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34176.exe
        8⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        7⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        7⤵
        
        PID:17088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        7⤵
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
        6⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        7⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10648.exe
        7⤵
        
        PID:16932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19988.exe
        7⤵
        
        PID:18236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58610.exe
        6⤵
        
        PID:12492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63788.exe
        6⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        6⤵
        
        PID:13936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13936 -s 436
        7⤵
        Program crash
        
        PID:17136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
        6⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57484.exe
        5⤵
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        5⤵
        
        PID:13408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
        5⤵
        
        PID:19100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
      4⤵
      PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        6⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
        7⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21307.exe
        7⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        6⤵
        
        PID:12420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54799.exe
        6⤵
        
        PID:17972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        5⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        5⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        5⤵
        
        PID:17948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        5⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        5⤵
        
        PID:15144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
      4⤵
      PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38130.exe
      4⤵
      PID:14372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
      4⤵
      PID:5380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        5⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21134.exe
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        7⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
        7⤵
        
        PID:18200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        6⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        7⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        7⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        6⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
        6⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
        6⤵
        
        PID:10968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35946.exe
        6⤵
        
        PID:15216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        6⤵
        
        PID:18776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41532.exe
        5⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
        5⤵
        
        PID:14648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        5⤵
        
        PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44849.exe
      4⤵
      PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9073.exe
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        6⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        7⤵
        
        PID:15916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
        7⤵
        
        PID:18164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
        7⤵
        
        PID:11612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17114.exe
        6⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
        6⤵
        
        PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        5⤵
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        5⤵
        
        PID:15648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
        5⤵
        
        PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60120.exe
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        5⤵
        
        PID:12452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
        5⤵
        
        PID:19120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63349.exe
      4⤵
      PID:5500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39892.exe
      4⤵
      PID:14276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
      4⤵
      PID:18176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
      4⤵
      PID:11980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28342.exe
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
        6⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19252.exe
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
        6⤵
        
        PID:748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
        5⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        5⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        5⤵
        
        PID:7356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51813.exe
      4⤵
      PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        5⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe
        5⤵
        
        PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23633.exe
      4⤵
      PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
      4⤵
      PID:15412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41578.exe
    3⤵
    PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
      4⤵
      PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        5⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
        6⤵
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        6⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43722.exe
        5⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24383.exe
        5⤵
        
        PID:16752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
        5⤵
        
        PID:19088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
      4⤵
      PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8039.exe
      4⤵
      PID:12556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51728.exe
      4⤵
      PID:5252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63278.exe
    3⤵
    PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36972.exe
      4⤵
      PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
      4⤵
      PID:13920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54114.exe
      4⤵
      PID:5032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28037.exe
    3⤵
    PID:9736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24054.exe
    3⤵
    PID:14704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
    3⤵
    PID:12268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5492.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5492.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32732.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46712.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21330.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36126.exe
        6⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        7⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        8⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        8⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        7⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
        7⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43752.exe
        7⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55565.exe
        7⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        7⤵
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48932.exe
        6⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
        7⤵
        
        PID:16852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        6⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
        6⤵
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44194.exe
        5⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15103.exe
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        7⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        7⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        7⤵
        
        PID:18860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        6⤵
        
        PID:16500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
        6⤵
        
        PID:18812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        6⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
        7⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11085.exe
        6⤵
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        6⤵
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54684.exe
        5⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54083.exe
        5⤵
        
        PID:13448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48445.exe
        5⤵
        
        PID:18216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7729.exe
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56328.exe
        7⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        8⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        8⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        7⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        7⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
        7⤵
        
        PID:18268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29175.exe
        6⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        7⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        7⤵
        
        PID:14460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
        7⤵
        
        PID:17836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
        7⤵
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        6⤵
        
        PID:16584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
        6⤵
        
        PID:18848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16452.exe
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
        6⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
        7⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43063.exe
        7⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63496.exe
        6⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe
        6⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38906.exe
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        6⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
        6⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29718.exe
        6⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
        5⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        5⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12329.exe
        5⤵
        
        PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8807.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe
        7⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        7⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        7⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
        6⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57466.exe
        6⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe
        6⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6696.exe
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38006.exe
        6⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
        6⤵
        
        PID:9984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54360.exe
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe
        5⤵
        
        PID:14264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        5⤵
        
        PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65409.exe
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41248.exe
        6⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        6⤵
        
        PID:15188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        6⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        5⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        5⤵
        
        PID:14736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14736 -s 436
        6⤵
        Program crash
        
        PID:17188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        5⤵
        
        PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
      4⤵
      PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40248.exe
        5⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
        5⤵
        
        PID:18932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
      4⤵
      PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55196.exe
      4⤵
      PID:14388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46452.exe
      4⤵
      PID:9596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49405.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64309.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        5⤵
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
        6⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38404.exe
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        8⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        8⤵
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
        8⤵
        
        PID:19112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        7⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12131.exe
        7⤵
        
        PID:16856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43752.exe
        7⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60495.exe
        6⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        7⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        7⤵
        
        PID:19264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3763.exe
        6⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43368.exe
        6⤵
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        6⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
        7⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        7⤵
        
        PID:16360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16563.exe
        7⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64335.exe
        6⤵
        
        PID:12124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8047.exe
        6⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        6⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36898.exe
        5⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        6⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        6⤵
        
        PID:16244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
        6⤵
        
        PID:19128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        5⤵
        
        PID:13200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-905.exe
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        6⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        7⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        7⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe
        7⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        6⤵
        
        PID:10428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8047.exe
        6⤵
        
        PID:16540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
        5⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        6⤵
        
        PID:12532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
        6⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        5⤵
        
        PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
      4⤵
      PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        5⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        5⤵
        
        PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36017.exe
      4⤵
      PID:9284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        5⤵
        
        PID:10272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23356.exe
      4⤵
      PID:14332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37257.exe
      4⤵
      PID:18476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
        7⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        8⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44115.exe
        8⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39527.exe
        8⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8047.exe
        7⤵
        
        PID:16508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe
        7⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28590.exe
        6⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30514.exe
        7⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        7⤵
        
        PID:18788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        6⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
        6⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
        6⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        6⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27292.exe
        6⤵
        
        PID:9676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54360.exe
        5⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        5⤵
        
        PID:15424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24236.exe
      4⤵
      PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        7⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
        7⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45895.exe
        6⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40025.exe
        6⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        5⤵
        
        PID:12132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        5⤵
        
        PID:16392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32299.exe
      4⤵
      PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        5⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        5⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        5⤵
        
        PID:6756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
      4⤵
      PID:10316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
      4⤵
      PID:14812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
      4⤵
      PID:18956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1844.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1699.exe
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        6⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19557.exe
        6⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25082.exe
        5⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        5⤵
        
        PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe
      4⤵
      PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7205.exe
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        5⤵
        
        PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
      4⤵
      PID:12148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
      4⤵
      PID:16592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
      4⤵
      PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1180.exe
      4⤵
      PID:10060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
    3⤵
    PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
      4⤵
      PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44730.exe
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        5⤵
        
        PID:16452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
      4⤵
      PID:12200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
      4⤵
      PID:16608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
      4⤵
      PID:17452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39990.exe
    3⤵
    PID:7192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
      4⤵
      PID:10636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
      4⤵
      PID:15056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
      4⤵
      PID:8104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25448.exe
    3⤵
    PID:10996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
    3⤵
    PID:14544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
    3⤵
    PID:4584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53052.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53052.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42628.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56141.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36126.exe
        5⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        8⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
        8⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48193.exe
        8⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
        7⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
        7⤵
        
        PID:16376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        7⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        7⤵
        
        PID:16532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        7⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        6⤵
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51231.exe
        6⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        6⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
        7⤵
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        6⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53784.exe
        5⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        5⤵
        
        PID:14268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
      4⤵
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
        6⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        6⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        6⤵
        
        PID:368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        5⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        5⤵
        
        PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20828.exe
        5⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        6⤵
        
        PID:13452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        6⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
        6⤵
        
        PID:17472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42282.exe
        5⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        5⤵
        
        PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36785.exe
      4⤵
      PID:8860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46106.exe
      4⤵
      PID:14640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
      4⤵
      PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
      4⤵
      PID:12040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28382.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40162.exe
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe
        6⤵
        
        PID:12372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
        5⤵
        
        PID:11112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38779.exe
        5⤵
        
        PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        5⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
        6⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
        6⤵
        
        PID:17984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        5⤵
        
        PID:14764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53565.exe
        5⤵
        
        PID:18668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
      4⤵
      PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        5⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        5⤵
        
        PID:7704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
      4⤵
      PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
      4⤵
      PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12329.exe
      4⤵
      PID:5496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:60
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4221.exe
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50682.exe
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe
        6⤵
        
        PID:14532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39527.exe
        6⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
        5⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
        5⤵
        
        PID:18372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
      4⤵
      PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12083.exe
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        5⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        5⤵
        
        PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54360.exe
      4⤵
      PID:11148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
      4⤵
      PID:15396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
      4⤵
      PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
      4⤵
      PID:9416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52965.exe
    3⤵
    PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
      4⤵
      PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        5⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37940.exe
        6⤵
        
        PID:14156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1484.exe
        6⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
        6⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        5⤵
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        5⤵
        
        PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
      4⤵
      PID:8500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21695.exe
      4⤵
      PID:13996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22429.exe
      4⤵
      PID:8620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25799.exe
    3⤵
    PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8383.exe
      4⤵
      PID:10176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
      4⤵
      PID:14596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
      4⤵
      PID:1748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26664.exe
    3⤵
    PID:11104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41190.exe
    3⤵
    PID:15480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17604.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
        6⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        6⤵
        
        PID:17928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        5⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8444.exe
        5⤵
        
        PID:17420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
      4⤵
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        5⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        6⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        6⤵
        
        PID:16624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54799.exe
        6⤵
        
        PID:17964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        5⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
        5⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6306.exe
        5⤵
        
        PID:17508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
      4⤵
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        5⤵
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
        5⤵
        
        PID:15584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        5⤵
        
        PID:18600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19576.exe
      4⤵
      PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
      4⤵
      PID:15404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
      4⤵
      PID:8724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52441.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59213.exe
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        5⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1759.exe
        6⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
        6⤵
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        5⤵
        
        PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31225.exe
      4⤵
      PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
      4⤵
      PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
      4⤵
      PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
      4⤵
      PID:9708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20649.exe
    3⤵
    PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6141.exe
      4⤵
      PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        5⤵
        
        PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        5⤵
        
        PID:13592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        5⤵
        
        PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40624.exe
      4⤵
      PID:11028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
      4⤵
      PID:14236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
      4⤵
      PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
    3⤵
    PID:7452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37164.exe
      4⤵
      PID:9752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
      4⤵
      PID:15248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24072.exe
      4⤵
      PID:18280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
    3⤵
    PID:10488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
    3⤵
    PID:15080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe
    3⤵
    PID:18260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42950.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15295.exe
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        6⤵
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        6⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
        6⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57466.exe
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
        5⤵
        
        PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31697.exe
      4⤵
      PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        5⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        5⤵
        
        PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59431.exe
      4⤵
      PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
      4⤵
      PID:16468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
      4⤵
      PID:19076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58061.exe
    3⤵
    PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
      4⤵
      PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
        5⤵
        
        PID:18292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
      4⤵
      PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
      4⤵
      PID:16600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
      4⤵
      PID:6492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24515.exe
    3⤵
    PID:7220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
      4⤵
      PID:8960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
      4⤵
      PID:13612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
      4⤵
      PID:6884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
    3⤵
    PID:10520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
    3⤵
    PID:14052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45084.exe
    3⤵
    PID:18404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29577.exe
    3⤵
    PID:11544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28342.exe
    3⤵
    PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62119.exe
      4⤵
      PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        5⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
        5⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
        5⤵
        
        PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
      4⤵
      PID:10268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
      4⤵
      PID:17316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
      4⤵
      PID:9300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64562.exe
    3⤵
    PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
      4⤵
      PID:10604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
      4⤵
      PID:14936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
      4⤵
      PID:18332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
    3⤵
    PID:12164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
    3⤵
    PID:16616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
    3⤵
    PID:5804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
  2⤵
  PID:5504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11469.exe
    3⤵
    PID:8016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12036.exe
      4⤵
      PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54918.exe
      4⤵
      PID:14612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
      4⤵
      PID:17880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
    3⤵
    PID:10512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
    3⤵
    PID:14848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22526.exe
    3⤵
    PID:7748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37471.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37471.exe
  2⤵
  PID:7404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe
    3⤵
    PID:10620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
    3⤵
    PID:14928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
  2⤵
  PID:11168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29982.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29982.exe
  2⤵
  PID:16304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
  2⤵
  PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5460 -ip 5460
1⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 14928 -ip 14928
1⤵
PID:16880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 15216 -ip 15216
1⤵
PID:2868

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe

Filesize
468KB

MD5
9333909cbd9b57611590b95d43938162

SHA1
6d8fbd7b1c11a57a3fdfb2b938c78809ac29e907

SHA256
479fec54a4e1eb4a1b438c9ec248fcf270009d6d785cd333c7f35aa53d589898

SHA512
d2a7cbbee32c8d984396ddda0fa1308310154d0db15d5a870c1b1a14782172530ba5945e3fe6a07f2676b9b9dbd5c76e34115deaa3ce753f8346e2e9a4ff126f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe

Filesize
468KB

MD5
48ea69be7daff77ee712ae97b1c19729

SHA1
c67dcc96b91402e0cad83878e87443746b740a91

SHA256
c9befa66d4a3739cda5a2c6b5ee1109395992738a0b6cad40d4569776f062983

SHA512
a5626f505a02a7d3cdeaeab06a6e0d977f033153b525a4bbf49b04889b98760d4f2b3798b1377d836b694cfd1410a2df5a647075ae882fe167fd2ba9c89e7eed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe

Filesize
468KB

MD5
f3458fa4903cb395a5b6e34ba576cfa9

SHA1
7a46c936dec61f56796dbfbf162eff5f453b42ec

SHA256
ca6257f3f75af02b1139ca8ee5065d2c432af9fc64596e9ee95b21b09c03a91c

SHA512
aecfc8ec25aec1f766632e529533fcb2da609bced748f4c17a21f1cb04e1de8736b9fcbf138cc81bbb087ec7aa2b9dc302c94774eb493905835e11cbd26f194d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe

Filesize
468KB

MD5
303a68946e8414987c3c0c21d60e05f1

SHA1
22fe4cad0224b06b13f044c1c1ee550b47267441

SHA256
e2eebe29e257cf6245c030b3ff1990488a8bcd2868ee6666922d3f2f3d3f324f

SHA512
c2822286b4a473bcf9782660a076f449c21b66a88cca6ab26272d91cece86dbc24f44504ca73eeaaa5f11ab0b4647657c9ab86f0a38f38daa3020f93f60ad40a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1740.exe

Filesize
468KB

MD5
fb897f28791c8062c8ae8f62732bd5c2

SHA1
bc6ffe60fdd107e86c07e2ca16cd3afed02227a9

SHA256
a7df062c01a59505a8a3833e1e421ac3f68b5b0f77ac9b44daea3c17dc0c6d54

SHA512
facfab0f3c9c669ccc01d1749cb69336e4c4e671b8cb2403c2e9ab2080aba14fc4061a77b6be6e54075c1293d550cd7158a38e53a8902dadae6d4478c03d7580

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe

Filesize
468KB

MD5
1a7c55b9a82882063d37cb5ebefdc504

SHA1
5075edec56fb9d3594ef71e990d92783522866fb

SHA256
4de541e6d6f301257b2b478769da4d956a0e5d8ab1ea38a1776b4e1282f68c36

SHA512
db7aa0ae13fbc5536e1b99499fa854d1edea6df733184d573c504cb3797d4372d0e794e746b465c22d93a20dcf0c7c39b2c18291304b3a38829604283000f099

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe

Filesize
468KB

MD5
8336f690c4365b82bc1f302765ee8902

SHA1
84e4defe08572e55a7fad2ad236d0764a4953319

SHA256
135857459871feee9d8fce495a8d97137de2dee272895d8d7b625f44071d1bc3

SHA512
82fbc025ab71d8f6bb2f59fa9d9b088d9277ed9724d936a3e48dec1f8f5a0e29fea77d138da468547d3230136e9ffac0992723ec8d109f5a8124bc10d51cff64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22762.exe

Filesize
468KB

MD5
e15f6b67cfb95fe3989b8fa3902a01d3

SHA1
35399895b44a85880a10c9e2ab3d086f9a8eda4e

SHA256
ac2bfa50a78bd082ac8f98237453e9a5ed4138d71a5e81d206536f5aeee63f97

SHA512
743dedacaf853945d41a141c1ef2fdf49bb3a89dccfcaa50475694e6cc3b5f6a59fdd89becbf985dffb1967d21f3ea14a7deb5be378e4d9588a00b4bf7fb09b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24219.exe

Filesize
468KB

MD5
252d97f1ef315382e6ca7c031a5a1221

SHA1
877591cd18750fd57d4e81f445266bafd963d5bc

SHA256
3b3954fa4cd9ef90ec7eed2a94c63fdb92f3615c4393192b149a06431e36401e

SHA512
37c99d3dfa6e01722d799daca2e881a173fcc146d0d32d41d9d2aa3567cc90c797bab094a2e9befea92bef225ba99ade064e05ff6dab5b4ed25049c87d1c52c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe

Filesize
468KB

MD5
f0cac094c639f98c1140dbe497e58569

SHA1
bc1c61fce209db9ac3d481fa96f4d062b020b4b0

SHA256
74c6dad973103ec2228406283934bd8e441405ab0def65cb9a008caac0495816

SHA512
a0785909d1ed1f4baf19b28307cd9c57ad24bc43cacd9740b31a65a21303db3a2cc74ad208210d2ed93a85cd246a8dea8e67eaed86fee8080cedcbd9b616b0d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28382.exe

Filesize
468KB

MD5
893ddbdbfa8c6adefb34bfb5e61f7cea

SHA1
1224ca306eefa783fe6d7737a2978ec850b4a8b8

SHA256
081cc1037e142345ef84a68b312a96a4de53a073f98833a34c4ac42c5b424a61

SHA512
6d1ce957a4a7a045302b996df176f8ed6a4b1b4802a543ada1671fa0752621fd33579a3903b7e6ee68c346f2920d99df3fc072bfffb9c04199033e3c075eb1d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe

Filesize
468KB

MD5
ab44b2083c5f1ac26cc168e84ccea34e

SHA1
0f77bcd863118031e4ebeb8de42d6053b5eab87d

SHA256
8078624a0e276d17bbed8c76fd491a450d91c8712641b35263d3510135c052be

SHA512
dbd0d86181044ffd852d479bfbc8b5cf96af56bb579061d55af82f4c989c3fb234d687196e84189f7b9075b402ca15a0b2758d999154ed911aa2f77e7013c8a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32732.exe

Filesize
468KB

MD5
a8321e4c4304791e44b2a2504b3a6741

SHA1
88279cb394a0210a4fea85d0b61569688ea93542

SHA256
4fef8e0a48fb80f9936e90363fca0cad1b94613d3180658030e1f69f6749474e

SHA512
b90dd88880bff5cc2cc95a40ba3cb3961497758ebcb4c97fd977e69275b7cb9d4809dc367dc32ded8c9a7572242b9216e5b375649dc2c197b50d3efaa87797d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe

Filesize
468KB

MD5
d8ee571420ff4083d355f3d40d65d6d8

SHA1
5622cd5589b7e6812bd9b0949fdd2171007da72b

SHA256
cd596e61bac37ae86813e810fb5d678169fe9d69c539afdd2e41717b89d621eb

SHA512
0be90b364d462774fc7923812a2d37ff24951ce9d32fbdde8e8244f0d22e55a5e6d6f97d215dd802064d70256dd6eacd7e46575bef2935f3534e14f65157d59e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36816.exe

Filesize
468KB

MD5
71687850cf8305595e61a97a6edb4178

SHA1
18bc9bef92ba5b8fea66282ac625113b18aeaf77

SHA256
4f715596f8f2bed5e5203a65b2baf5ff51fec38809451ce362a1404df3b11306

SHA512
8893fda6defe725c31024f1b669d3cc9281bdff7a0ca0fbefbca2c30819aa682720980b2ca7e0882cf9d68d6209015a310274ad9b4efb877f4ace46b50fe9eaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3899.exe

Filesize
468KB

MD5
90257f336f569d397c2f49bf3cbdfc81

SHA1
21d1ca3b96944c945ba6b28a0e2fda1f227ab378

SHA256
410fa5f1062086edfc93c98c94b895d0c300a598181bdeac02d9d9b47720d112

SHA512
cad6abc2d391eaf1ea239def1bbc350d58cea833ae36ef5753276919bff25d24c3ddfd69d56f4ad27b334583109e97f9ca86824c8084e6b94cf1eadfcbd1dca7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe

Filesize
468KB

MD5
e7758e831fd7574074cf135011cfe5ea

SHA1
f04f5d84a4085eeff8ae6144516578052e04c730

SHA256
377440a2687ad3bc88b70bfd99409b69985f7734514232b39a95af5a2673955d

SHA512
665776f0617467c6b6b55a7f5807a73f61a149261610fce5c23913a986652d93cdc98e1fa6edf6744a838da68ce39d20ff0f6c4e6c7f325e95b98b866fab5f8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe

Filesize
468KB

MD5
3f140ea805d7c693a464d3c5e4378f79

SHA1
5c3f9a5ec6e71dc01b1aab24653144eb01452c4b

SHA256
2fc64c9cc3e9c2ccbe1214b102a26d3fdd0ae1de110609e04e434f6a9b87fb11

SHA512
5d7f0637853247db906dded2be939df266a451df06b6d12410489c5c4c1fc3bf563fc3f2fad3bfdf6dd5ac64b84dd2de8f658ec3bc3c72be64d8bb4df25a6aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe

Filesize
468KB

MD5
570029bb9191fb64aaf4ece3c2a95bb2

SHA1
a198a3ae227a611b18b6164edc44066a8c96e380

SHA256
33c3370a2644d01cacb044d158751ea639f176fee74dbe0b3b85b751bd13bc84

SHA512
27062e1a09c1ba203a510f2ebdff4d2f6f58828da119e927adc3c7b3a028f011e32f72c410e538b1f7af219f9104adaf97fb495c5fd4738895696e6f1c3b83e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42628.exe

Filesize
468KB

MD5
a4207c66adc11c32227f34cb15e9a43e

SHA1
fe652fe807d909453157eef8b06cc9e642d8edbd

SHA256
18945c87820a0df43c3717bf1e0e1b3fe5f0c687f554d5887fac11fb01c44a29

SHA512
540afddd938747556dc5bb45ad188d19106d2dc20d69c7574e074ae01c7bbce8a80e528c550c1a55557d9a74367d3b7b35dbecbc45677d2fba9a34185c108973

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45830.exe

Filesize
468KB

MD5
b2948211cbd54e2b7737f490ce100c98

SHA1
56eeeea3d78031a2aa7b778a0d142bfa08799dc4

SHA256
46a075dd7643ec4cb1af67536c854a409046dbbc12eaaf3e8aa46b15fb2d332e

SHA512
37458110bb8285b60512003f6e39bcecb00dbd391c4044a0ff6dff13821cae052b2a08cf092bc75fd7abeeb7d842c1aa466be34c8d7b35bc1481fd2e6a87260c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe

Filesize
468KB

MD5
2616ec39d66f2f63a14b110d07bf07ea

SHA1
512327bc0b6901beeceffe8cc23a9e02b52f362f

SHA256
27358753c1dcf2a020a5d0c1c506eaa4e88222479de46488e60c0b7eae86f9d9

SHA512
3a5f8bd033221da78ce50f39378d1b6d91e2b4560f0e4a3434f62e54f31d9e79517b4f9f223c292f8283a8542fc93b585ede91f077c5c479cd4c3eea5eacd21f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46712.exe

Filesize
468KB

MD5
1071963ad7960ab2c2677aec45bf0626

SHA1
83f62f1197f5e26418f08712481207a37f91a662

SHA256
958173037b283c1d0d459908e5922aebaaf00e8361fa3bdf912a9896f0f2279d

SHA512
ddf6948c2319a2a87cda147d305308152903c57ba9826ee40a78b1a9e4eaad7fef0e680c40089a0e4ee3484e1ef1f8b79c43a8cc3f8b367b93414718da6777f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49405.exe

Filesize
468KB

MD5
1ac989ac5b37eba1c43dbfe3a9d4af15

SHA1
f94c5a537258eee88f79572a58f684a1330e391e

SHA256
e26b956d93c25e04028a488187934eaf9d8b7b977cc734d3bdc763725d4a2784

SHA512
67bc308e69dd6ed5529e9c576437c17146c5b1a506666ffa6fde8e859d8e38d897752fc1a2b01335755d91a8ef368bbd51695353f3d2ae88023225e2be7b2487

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe

Filesize
468KB

MD5
a19e249f312a72e087dd9aa9618fd795

SHA1
1a40392702486aa6975dabaf5c18d92112b0523e

SHA256
72b4444641b9fbf8d82b7823a29094644cb0fa9ac2046c4f4dc19eefb1325f8a

SHA512
a4d9b82eb93f9e55eb9e09961a1624c16c5ed33c58f9989cf0cd8ee81a3a05a12fc3ec5bd1ae35cdc1cf9f12b50f69fe32db82ef9b10256d2e42e0c41d64c8fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe

Filesize
468KB

MD5
07a6df3b0c9ba17ef1146f3f1ea5ff3e

SHA1
f6f6e83f908b96d575318f1dbc52bf4bd80f914a

SHA256
2ca4bc86b89df5fa373ea5f9dff62104889970d2e648390ff60ac2b4dc5baf10

SHA512
3878fb1fbedbc864a96049e2066ad4f5716ee18397beb2da207641247ef7011c05ad32d22d7bc33fcedc0b8f22ae205a895a3f64a2116df4a1f7272983529eb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53052.exe

Filesize
468KB

MD5
ec79153c47bec3b3356e6ddd9989f2fd

SHA1
3214ed1fcb771bfe9eaa99435d5825a66ad43580

SHA256
4c77765a572c15d356db73b7c14934c14471ed7dab313859b5700a5572cf9033

SHA512
a7dac7d0afc6e07a40cac8d39ae3829e5ce82ea9151da769c3b8801556c5b9d1c921edafd47974622b6029fa49008c19f523f2569f42bae81ce98581fd287acd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54918.exe

Filesize
468KB

MD5
84baebe47a239ff2d8fe53cc4d5572b9

SHA1
5761eb99cd9191ed86a94852eff5e714d3f8864d

SHA256
87c951be91caa4dad42a57f786b1c9109dc275be6bbd331dd18e64871d03ae79

SHA512
1b90a86723a99388262ddadd120cd25b9835e95bc9636013b765975cc4d5a3e14b824f120ea988f17bf021f868bebaaecc60387684e3c90c3586ab76a1c0a61a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5492.exe

Filesize
468KB

MD5
9ef204261dd97252c96749819270d856

SHA1
069885ec11590b12533154f758f17e5aeb4a69af

SHA256
d04772ff363a58d9a44e6b86502e74d47772011df27493ed4a15a731bd1eee13

SHA512
14b8427c051bab394fc15aabc5fb526a4935f469995807ce8129f1861096a05aa34b05ab92b86fa83d4e3c8bf0c5a13b81467736c38ff9b2ebbed5b00be82590

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe

Filesize
468KB

MD5
06f341ebb749ce8911bd45ed343750e1

SHA1
2dc1ceb4848d3c46672c8a33f143492d8b81c6ff

SHA256
0285b154b842c9ff3bb0a6466ad4e3300800bdde65e08d80fdb870088e3639d1

SHA512
0520022ed56f236cf853cae9a476a8edb24e75280e64f8b86515414e02bc2de64b229415c26e0e37838dc059c5cac46eb80e0b824459da53611a71d9edb0fb40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe

Filesize
468KB

MD5
44d9a56e393a635a328cc094010b72e2

SHA1
181035d2f98683e44abe979a80343eaf9ac8f0de

SHA256
dfc8e139d0a73575466f39ac0e26f93f473f687a92f5a564d7729f268356485c

SHA512
04f62529da6458f1961646e54a6a5c314fa5543da2eb37cb0ec938c1ace305601c1a387b2b367e05925bf512adc1e57a42a3a7a14d47943d407947a094977d14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe

Filesize
468KB

MD5
fd794d71898064c22d6e61f354fb404b

SHA1
fee77ae3ee9d48823be052c81a016973c909f454

SHA256
ae64f85eeecf65d6660d1969378119a96e8b7cc81b10f6fdd395161b9330d32e

SHA512
7607f8cb69483523e06fa4b8e596b381dc602fea8dca8e95ad4a2bd507af4568096cd49e186d38e9004bcb8892de055f00917596d8fb6b4ab9183de8bd6165e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe

Filesize
468KB

MD5
724b7bb3bc4ea763a4e5638bffe1e565

SHA1
ea7de835e6c4db7a16a754141340de0a3601e60f

SHA256
e2344fb003a0a1c21f60421cd4e79ddf96e928a0b9cfd63080f67d219caf795e

SHA512
85b091cd85d33ba04e82f6e9110f04592d5280773cfc274c4f10707e56a3363b125d22c9731a252a4eae5476726890dee9d0b8554948f6aef16d80e94475f948

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe

Filesize
468KB

MD5
f028c962f811f7b919c29f2a9558a3c5

SHA1
127518f7cd560bf5f185fcd92809b713e1d48a1f

SHA256
7837cfeeab56d45eaa3516b66727bbefc51fea49eb86352f48cb16f504995440

SHA512
ec6357aa9d8a58bff3f2c2b909837f03437cfe01b975e1ebe3efe3a5ffda43cdc194f98f6def1cf066af1df0a843dde1fd8db081c8c49943b5c22ce29d8ad5af

Download Submit
memory/16492-2490-0x0000000075EC0000-0x0000000075EE4000-memory.dmp

Filesize
144KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads