71e444fac632f0b7fba7e3fb6b3afe249c31cdad6d46c89e15d922686ee331cf

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 00:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e27fa488609f15b2758b27bd91bfae0_NeikiAnalytics.exe
Size

468KB
MD5

2e27fa488609f15b2758b27bd91bfae0
SHA1

915e89eabc8d73565e913e4a088fb0f38d539872
SHA256

71e444fac632f0b7fba7e3fb6b3afe249c31cdad6d46c89e15d922686ee331cf
SHA512

5f3a55d1f1aaf74120a4f641edcffee2f893128c81532a06e53d802c78d22dabfcca5972d63c777ea8d3c0eea1d567341fc164a7c8be9f39e6837986c17f51d0
SSDEEP

3072:tbACogIdh05YtbYFPzcjff8/WChyPaplnmHCxEhf4D0LmZau3sE+:tb1o58YtyP4jffpSfk4DOCau3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4592	Unicorn-20726.exe
1120	Unicorn-54705.exe
1156	Unicorn-64798.exe
3544	Unicorn-21812.exe
1496	Unicorn-9424.exe
2200	Unicorn-6465.exe
4860	Unicorn-12595.exe
2684	Unicorn-40247.exe
3180	Unicorn-40147.exe
2888	Unicorn-54865.exe
1876	Unicorn-43319.exe
4412	Unicorn-9193.exe
2336	Unicorn-50797.exe
2380	Unicorn-9088.exe
3272	Unicorn-14953.exe
2008	Unicorn-61751.exe
852	Unicorn-36461.exe
2300	Unicorn-40628.exe
3584	Unicorn-48936.exe
1100	Unicorn-7492.exe
1912	Unicorn-28240.exe
3600	Unicorn-47987.exe
1536	Unicorn-19124.exe
1596	Unicorn-14970.exe
4588	Unicorn-1235.exe
5032	Unicorn-57556.exe
3932	Unicorn-35818.exe
3908	Unicorn-59632.exe
4408	Unicorn-39628.exe
4396	Unicorn-10903.exe
2572	Unicorn-19196.exe
412	Unicorn-28983.exe
5112	Unicorn-9117.exe
844	Unicorn-2649.exe
376	Unicorn-23402.exe
1368	Unicorn-36464.exe
4656	Unicorn-6832.exe
1228	Unicorn-41211.exe
1616	Unicorn-47341.exe
4816	Unicorn-55898.exe
768	Unicorn-21389.exe
3148	Unicorn-21104.exe
2068	Unicorn-1010.exe
3492	Unicorn-26039.exe
3192	Unicorn-11565.exe
1388	Unicorn-13764.exe
2916	Unicorn-48021.exe
2704	Unicorn-60403.exe
5052	Unicorn-2084.exe
4460	Unicorn-2084.exe
2376	Unicorn-2349.exe
2180	Unicorn-32853.exe
3920	Unicorn-61742.exe
624	Unicorn-17158.exe
4756	Unicorn-38591.exe
2172	Unicorn-41876.exe
4092	Unicorn-13750.exe
3420	Unicorn-3423.exe
3996	Unicorn-37465.exe
3248	Unicorn-31865.exe
724	Unicorn-1339.exe
3116	Unicorn-10863.exe
1240	Unicorn-26903.exe
808	Unicorn-14774.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
8144	1052	WerFault.exe	192
17164	15408	WerFault.exe	824
16984	15592	WerFault.exe	797

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	7036	dwm.exe
Token: SeChangeNotifyPrivilege	7036	dwm.exe
Token: 33	7036	dwm.exe
Token: SeIncBasePriorityPrivilege	7036	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5056	2e27fa488609f15b2758b27bd91bfae0_NeikiAnalytics.exe
4592	Unicorn-20726.exe
1120	Unicorn-54705.exe
1156	Unicorn-64798.exe
3544	Unicorn-21812.exe
4860	Unicorn-12595.exe
1496	Unicorn-9424.exe
2200	Unicorn-6465.exe
2684	Unicorn-40247.exe
3180	Unicorn-40147.exe
2380	Unicorn-9088.exe
2888	Unicorn-54865.exe
4412	Unicorn-9193.exe
2336	Unicorn-50797.exe
3272	Unicorn-14953.exe
1876	Unicorn-43319.exe
2008	Unicorn-61751.exe
852	Unicorn-36461.exe
2300	Unicorn-40628.exe
3584	Unicorn-48936.exe
1100	Unicorn-7492.exe
1912	Unicorn-28240.exe
3600	Unicorn-47987.exe
1596	Unicorn-14970.exe
1536	Unicorn-19124.exe
5032	Unicorn-57556.exe
4588	Unicorn-1235.exe
3932	Unicorn-35818.exe
4408	Unicorn-39628.exe
3908	Unicorn-59632.exe
4396	Unicorn-10903.exe
2572	Unicorn-19196.exe
5112	Unicorn-9117.exe
412	Unicorn-28983.exe
844	Unicorn-2649.exe
376	Unicorn-23402.exe
1368	Unicorn-36464.exe
4656	Unicorn-6832.exe
1228	Unicorn-41211.exe
4816	Unicorn-55898.exe
1616	Unicorn-47341.exe
3148	Unicorn-21104.exe
3192	Unicorn-11565.exe
3492	Unicorn-26039.exe
2068	Unicorn-1010.exe
768	Unicorn-21389.exe
2916	Unicorn-48021.exe
1388	Unicorn-13764.exe
5052	Unicorn-2084.exe
2704	Unicorn-60403.exe
3420	Unicorn-3423.exe
3920	Unicorn-61742.exe
624	Unicorn-17158.exe
4092	Unicorn-13750.exe
3996	Unicorn-37465.exe
4460	Unicorn-2084.exe
2180	Unicorn-32853.exe
2376	Unicorn-2349.exe
4756	Unicorn-38591.exe
3248	Unicorn-31865.exe
2172	Unicorn-41876.exe
3116	Unicorn-10863.exe
724	Unicorn-1339.exe
1240	Unicorn-26903.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 4592	5056	2e27fa488609f15b2758b27bd91bfae0_NeikiAnalytics.exe	85
PID 5056 wrote to memory of 4592	5056	2e27fa488609f15b2758b27bd91bfae0_NeikiAnalytics.exe	85
PID 5056 wrote to memory of 4592	5056	2e27fa488609f15b2758b27bd91bfae0_NeikiAnalytics.exe	85
PID 4592 wrote to memory of 1120	4592	Unicorn-20726.exe	86
PID 4592 wrote to memory of 1120	4592	Unicorn-20726.exe	86
PID 4592 wrote to memory of 1120	4592	Unicorn-20726.exe	86
PID 5056 wrote to memory of 1156	5056	2e27fa488609f15b2758b27bd91bfae0_NeikiAnalytics.exe	87
PID 5056 wrote to memory of 1156	5056	2e27fa488609f15b2758b27bd91bfae0_NeikiAnalytics.exe	87
PID 5056 wrote to memory of 1156	5056	2e27fa488609f15b2758b27bd91bfae0_NeikiAnalytics.exe	87
PID 1120 wrote to memory of 3544	1120	Unicorn-54705.exe	88
PID 1120 wrote to memory of 3544	1120	Unicorn-54705.exe	88
PID 1120 wrote to memory of 3544	1120	Unicorn-54705.exe	88
PID 4592 wrote to memory of 1496	4592	Unicorn-20726.exe	89
PID 4592 wrote to memory of 1496	4592	Unicorn-20726.exe	89
PID 4592 wrote to memory of 1496	4592	Unicorn-20726.exe	89
PID 5056 wrote to memory of 2200	5056	2e27fa488609f15b2758b27bd91bfae0_NeikiAnalytics.exe	90
PID 5056 wrote to memory of 2200	5056	2e27fa488609f15b2758b27bd91bfae0_NeikiAnalytics.exe	90
PID 5056 wrote to memory of 2200	5056	2e27fa488609f15b2758b27bd91bfae0_NeikiAnalytics.exe	90
PID 1156 wrote to memory of 4860	1156	Unicorn-64798.exe	91
PID 1156 wrote to memory of 4860	1156	Unicorn-64798.exe	91
PID 1156 wrote to memory of 4860	1156	Unicorn-64798.exe	91
PID 3544 wrote to memory of 2684	3544	Unicorn-21812.exe	92
PID 3544 wrote to memory of 2684	3544	Unicorn-21812.exe	92
PID 3544 wrote to memory of 2684	3544	Unicorn-21812.exe	92
PID 1120 wrote to memory of 3180	1120	Unicorn-54705.exe	93
PID 1120 wrote to memory of 3180	1120	Unicorn-54705.exe	93
PID 1120 wrote to memory of 3180	1120	Unicorn-54705.exe	93
PID 1156 wrote to memory of 2888	1156	Unicorn-64798.exe	94
PID 1156 wrote to memory of 2888	1156	Unicorn-64798.exe	94
PID 1156 wrote to memory of 2888	1156	Unicorn-64798.exe	94
PID 1496 wrote to memory of 1876	1496	Unicorn-9424.exe	96
PID 1496 wrote to memory of 1876	1496	Unicorn-9424.exe	96
PID 1496 wrote to memory of 1876	1496	Unicorn-9424.exe	96
PID 2200 wrote to memory of 2336	2200	Unicorn-6465.exe	97
PID 2200 wrote to memory of 2336	2200	Unicorn-6465.exe	97
PID 2200 wrote to memory of 2336	2200	Unicorn-6465.exe	97
PID 4860 wrote to memory of 4412	4860	Unicorn-12595.exe	95
PID 4860 wrote to memory of 4412	4860	Unicorn-12595.exe	95
PID 4860 wrote to memory of 4412	4860	Unicorn-12595.exe	95
PID 4592 wrote to memory of 2380	4592	Unicorn-20726.exe	99
PID 4592 wrote to memory of 2380	4592	Unicorn-20726.exe	99
PID 4592 wrote to memory of 2380	4592	Unicorn-20726.exe	99
PID 5056 wrote to memory of 3272	5056	2e27fa488609f15b2758b27bd91bfae0_NeikiAnalytics.exe	98
PID 5056 wrote to memory of 3272	5056	2e27fa488609f15b2758b27bd91bfae0_NeikiAnalytics.exe	98
PID 5056 wrote to memory of 3272	5056	2e27fa488609f15b2758b27bd91bfae0_NeikiAnalytics.exe	98
PID 2684 wrote to memory of 2008	2684	Unicorn-40247.exe	100
PID 2684 wrote to memory of 2008	2684	Unicorn-40247.exe	100
PID 2684 wrote to memory of 2008	2684	Unicorn-40247.exe	100
PID 3180 wrote to memory of 852	3180	Unicorn-40147.exe	101
PID 3180 wrote to memory of 852	3180	Unicorn-40147.exe	101
PID 3180 wrote to memory of 852	3180	Unicorn-40147.exe	101
PID 2380 wrote to memory of 2300	2380	Unicorn-9088.exe	102
PID 2380 wrote to memory of 2300	2380	Unicorn-9088.exe	102
PID 2380 wrote to memory of 2300	2380	Unicorn-9088.exe	102
PID 4592 wrote to memory of 3584	4592	Unicorn-20726.exe	103
PID 4592 wrote to memory of 3584	4592	Unicorn-20726.exe	103
PID 4592 wrote to memory of 3584	4592	Unicorn-20726.exe	103
PID 1120 wrote to memory of 1100	1120	Unicorn-54705.exe	104
PID 1120 wrote to memory of 1100	1120	Unicorn-54705.exe	104
PID 1120 wrote to memory of 1100	1120	Unicorn-54705.exe	104
PID 3544 wrote to memory of 1912	3544	Unicorn-21812.exe	105
PID 3544 wrote to memory of 1912	3544	Unicorn-21812.exe	105
PID 3544 wrote to memory of 1912	3544	Unicorn-21812.exe	105
PID 2336 wrote to memory of 3600	2336	Unicorn-50797.exe	106

C:\Users\Admin\AppData\Local\Temp\2e27fa488609f15b2758b27bd91bfae0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2e27fa488609f15b2758b27bd91bfae0_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21812.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        10⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        11⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        11⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe
        11⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
        10⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43244.exe
        10⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
        10⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
        10⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
        9⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe
        10⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        10⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        10⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45793.exe
        9⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42974.exe
        9⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
        9⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16660.exe
        8⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
        9⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52681.exe
        10⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13118.exe
        10⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
        9⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35907.exe
        9⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        9⤵
        
        PID:16824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
        9⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2224.exe
        8⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9476.exe
        8⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45147.exe
        8⤵
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        8⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26903.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28496.exe
        8⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        9⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45104.exe
        9⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        9⤵
        
        PID:17148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
        9⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29937.exe
        8⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
        8⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29496.exe
        8⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49611.exe
        8⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57333.exe
        8⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46272.exe
        8⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65252.exe
        8⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
        8⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
        8⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
        8⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2024.exe
        8⤵
        
        PID:16996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        8⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
        7⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13557.exe
        7⤵
        
        PID:16424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        7⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1339.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5177.exe
        8⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
        9⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        9⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35575.exe
        9⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        8⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62445.exe
        8⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22749.exe
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62923.exe
        7⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        8⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        8⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe
        8⤵
        
        PID:16108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56602.exe
        8⤵
        
        PID:16980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57672.exe
        7⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46263.exe
        7⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22243.exe
        7⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe
        7⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35684.exe
        7⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe
        7⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36431.exe
        7⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        7⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18948.exe
        6⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30293.exe
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        7⤵
        
        PID:16748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23274.exe
        6⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50038.exe
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        6⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        6⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6832.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35118.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        9⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        9⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30339.exe
        9⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        8⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
        8⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
        8⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        8⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        8⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
        8⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53530.exe
        8⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        7⤵
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
        7⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
        6⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
        7⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-931.exe
        7⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        7⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        7⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63471.exe
        6⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        6⤵
        
        PID:14272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        6⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41211.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42010.exe
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
        7⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        7⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        7⤵
        
        PID:732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        6⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
        7⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
        7⤵
        
        PID:440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        6⤵
        
        PID:13720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29185.exe
        5⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
        6⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        6⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59522.exe
        5⤵
        
        PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
        5⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
        5⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43760.exe
        5⤵
        
        PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28983.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        7⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58804.exe
        8⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42048.exe
        9⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        9⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
        9⤵
        
        PID:16580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        9⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        8⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46811.exe
        8⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
        8⤵
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
        8⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
        8⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
        8⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        8⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        8⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe
        7⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        7⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
        7⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        7⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        6⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31406.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        8⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        8⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
        8⤵
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        7⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27998.exe
        7⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
        7⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        7⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
        7⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe
        7⤵
        
        PID:13892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9110.exe
        7⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        6⤵
        
        PID:116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        6⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
        6⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
        6⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2649.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61427.exe
        6⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22131.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12131.exe
        8⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        9⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        9⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43238.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44189.exe
        9⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40003.exe
        8⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        8⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62923.exe
        7⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52449.exe
        8⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
        8⤵
        
        PID:14948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
        8⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57672.exe
        7⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41691.exe
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        7⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
        7⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-931.exe
        7⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        7⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
        7⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
        6⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        7⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38631.exe
        6⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
        6⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
        5⤵
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        7⤵
        
        PID:15412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
        6⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        6⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
        6⤵
        
        PID:8896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
        5⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37994.exe
        5⤵
        
        PID:12804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41730.exe
        5⤵
        
        PID:16256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38261.exe
        5⤵
        
        PID:7624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30707.exe
        6⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53482.exe
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        8⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45104.exe
        8⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
        8⤵
        
        PID:16948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49722.exe
        8⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        7⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
        7⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        7⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
        6⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        7⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
        7⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
        7⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        6⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        6⤵
        
        PID:11408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15980.exe
        6⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
        5⤵
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31406.exe
        6⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33630.exe
        7⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20027.exe
        7⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        7⤵
        
        PID:17168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
        6⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        6⤵
        
        PID:16836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        6⤵
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30806.exe
        6⤵
        
        PID:15880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
        5⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
        5⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
        5⤵
        
        PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe
        5⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        6⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        7⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        7⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19862.exe
        7⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        6⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
        6⤵
        
        PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8013.exe
        5⤵
        
        PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35907.exe
        5⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
        5⤵
        
        PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20519.exe
      4⤵
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5177.exe
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        6⤵
        
        PID:9564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63777.exe
        6⤵
        
        PID:12592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        6⤵
        
        PID:16392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17439.exe
        6⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        5⤵
        
        PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
        5⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        5⤵
        
        PID:17164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2502.exe
      4⤵
      PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        5⤵
        
        PID:15156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8958.exe
        5⤵
        
        PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10482.exe
      4⤵
      PID:9288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-463.exe
      4⤵
      PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61969.exe
      4⤵
      PID:16528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43319.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59632.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60403.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48365.exe
        7⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5177.exe
        8⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        9⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2095.exe
        9⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15803.exe
        9⤵
        
        PID:15596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
        8⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
        8⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        8⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11424.exe
        8⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8227.exe
        7⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47174.exe
        8⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
        8⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
        8⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        7⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        7⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58227.exe
        7⤵
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18988.exe
        7⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30141.exe
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        8⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
        8⤵
        
        PID:15844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
        8⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        7⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
        7⤵
        
        PID:16940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
        7⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe
        6⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        6⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        6⤵
        
        PID:14024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        6⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        6⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58221.exe
        7⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
        8⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        8⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
        8⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        7⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58075.exe
        7⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
        7⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
        7⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        6⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60864.exe
        7⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
        7⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
        7⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29882.exe
        6⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17496.exe
        6⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52674.exe
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        7⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
        6⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        6⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61374.exe
        6⤵
        
        PID:740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24542.exe
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        6⤵
        
        PID:13684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
        6⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
        5⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
        5⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        5⤵
        
        PID:16144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10903.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        6⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        7⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
        8⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12734.exe
        8⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9462.exe
        8⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45793.exe
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42974.exe
        7⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe
        7⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
        7⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52034.exe
        7⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48797.exe
        7⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20228.exe
        6⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6476.exe
        6⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51898.exe
        7⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30264.exe
        7⤵
        
        PID:16120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47665.exe
        7⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe
        6⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36431.exe
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        6⤵
        
        PID:16760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
        5⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        6⤵
        
        PID:11508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        5⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        5⤵
        
        PID:8700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17158.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        5⤵
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62900.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64718.exe
        7⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14184.exe
        7⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        7⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        6⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
        6⤵
        
        PID:16076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe
        6⤵
        
        PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48164.exe
        5⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        6⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
        6⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32756.exe
        5⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        5⤵
        
        PID:13392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        5⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        5⤵
        
        PID:10352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
      4⤵
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52833.exe
        5⤵
        
        PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        5⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        5⤵
        
        PID:16796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14042.exe
      4⤵
      PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
      4⤵
      PID:10884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
      4⤵
      PID:14568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32137.exe
      4⤵
      PID:16988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9088.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40628.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61427.exe
        6⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
        7⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        8⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe
        8⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
        8⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        7⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        7⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        7⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        7⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        6⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        7⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
        7⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
        7⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19862.exe
        7⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
        6⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        7⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
        6⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        6⤵
        
        PID:13636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14424.exe
        6⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        5⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22381.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
        7⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2515.exe
        7⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
        7⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        6⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        6⤵
        
        PID:12148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        6⤵
        
        PID:14472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64495.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54502.exe
        6⤵
        
        PID:16972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
        5⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        5⤵
        
        PID:14540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
        5⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        7⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
        7⤵
        
        PID:16452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-281.exe
        7⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
        6⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        6⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51005.exe
        6⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        6⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
        5⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62778.exe
        6⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        6⤵
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7409.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
        5⤵
        
        PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18988.exe
        5⤵
        
        PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
      4⤵
      PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
        6⤵
        
        PID:10852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        6⤵
        
        PID:14844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
        6⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        5⤵
        
        PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
        5⤵
        
        PID:13488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
        5⤵
        
        PID:208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe
      4⤵
      PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        5⤵
        
        PID:11876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49075.exe
        5⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
        5⤵
        
        PID:7492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
      4⤵
      PID:10996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
      4⤵
      PID:14148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
      4⤵
      PID:16644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
      4⤵
      PID:5332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35118.exe
        5⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55530.exe
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
        7⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe
        7⤵
        
        PID:16156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
        7⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        6⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        6⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
        6⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26972.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        6⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        6⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31939.exe
        6⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe
        5⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15455.exe
        6⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        5⤵
        
        PID:11152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
        5⤵
        
        PID:14600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        5⤵
        
        PID:16824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
        5⤵
        
        PID:17140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14393.exe
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30293.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
        5⤵
        
        PID:16804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11866.exe
      4⤵
      PID:11424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
      4⤵
      PID:15580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21389.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39786.exe
      4⤵
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53482.exe
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        6⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        6⤵
        
        PID:14264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
        6⤵
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
        5⤵
        
        PID:744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        5⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63942.exe
        5⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        5⤵
        
        PID:8960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
      4⤵
      PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        5⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
        5⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29853.exe
        5⤵
        
        PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
      4⤵
      PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
      4⤵
      PID:12560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
      4⤵
      PID:16016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
      4⤵
      PID:10364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16957.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16957.exe
    3⤵
    PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
      4⤵
      PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
      4⤵
      PID:11776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
      4⤵
      PID:15764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60052.exe
    3⤵
    PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17743.exe
      4⤵
      PID:16668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
      4⤵
      PID:8640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
    3⤵
    PID:10632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
    3⤵
    PID:14880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
    3⤵
    PID:8932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64798.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64798.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34039.exe
        7⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8419.exe
        8⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
        8⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
        8⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        8⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56497.exe
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
        7⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        7⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58832.exe
        7⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        7⤵
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe
        7⤵
        
        PID:16168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe
        7⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
        6⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        6⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        6⤵
        
        PID:13716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37465.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-276.exe
        6⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5442.exe
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
        7⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10833.exe
        7⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        6⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        6⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe
        6⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19404.exe
        7⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38477.exe
        6⤵
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        6⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        6⤵
        
        PID:15560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27614.exe
        5⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        5⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
        5⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        5⤵
        
        PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1010.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7606.exe
        6⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24310.exe
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5180.exe
        8⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
        8⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        8⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        8⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44065.exe
        7⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
        7⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36294.exe
        7⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15878.exe
        7⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
        6⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12988.exe
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        7⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        7⤵
        
        PID:16816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        6⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        6⤵
        
        PID:11032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        6⤵
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7599.exe
        6⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        5⤵
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31713.exe
        6⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56773.exe
        6⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        6⤵
        
        PID:16676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
        6⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        5⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15158.exe
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        5⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
        5⤵
        
        PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        5⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15593.exe
        6⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30565.exe
        7⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        7⤵
        
        PID:16804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        7⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46795.exe
        6⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22767.exe
        6⤵
        
        PID:16512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55527.exe
        6⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38104.exe
        6⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
        5⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
        5⤵
        
        PID:12972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        5⤵
        
        PID:16380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37226.exe
      4⤵
      PID:64
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18139.exe
        5⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50151.exe
        6⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe
        6⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64282.exe
        6⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24263.exe
        5⤵
        
        PID:11268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
        5⤵
        
        PID:16540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18948.exe
      4⤵
      PID:7204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
      4⤵
      PID:10592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
      4⤵
      PID:14292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50928.exe
      4⤵
      PID:16748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
      4⤵
      PID:7048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19124.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
        6⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56625.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
        8⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
        8⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        8⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3051.exe
        7⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56290.exe
        7⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32615.exe
        7⤵
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe
        6⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        7⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
        7⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61129.exe
        7⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
        7⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49394.exe
        6⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
        6⤵
        
        PID:14432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
        6⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40787.exe
        5⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31406.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        7⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        7⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
        7⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42042.exe
        7⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe
        6⤵
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
        6⤵
        
        PID:15592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15592 -s 464
        7⤵
        Program crash
        
        PID:16984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
        6⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50510.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15334.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38334.exe
        6⤵
        
        PID:15088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        6⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        5⤵
        
        PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        5⤵
        
        PID:14476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52848.exe
        5⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35271.exe
        7⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        7⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
        7⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43244.exe
        6⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54080.exe
        6⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
        6⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe
        6⤵
        
        PID:16912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11424.exe
        6⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43751.exe
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        5⤵
        
        PID:17124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43859.exe
        5⤵
        
        PID:16672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
      4⤵
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12131.exe
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34791.exe
        6⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51510.exe
        6⤵
        
        PID:13348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64927.exe
        6⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        5⤵
        
        PID:13436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
        5⤵
        
        PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
      4⤵
      PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
        5⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        5⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54481.exe
        5⤵
        
        PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
      4⤵
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
      4⤵
      PID:14040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12260.exe
      4⤵
      PID:8888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21104.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30707.exe
        5⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11116.exe
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-931.exe
        7⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        7⤵
        
        PID:15176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25632.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
        6⤵
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32335.exe
        6⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        6⤵
        
        PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64548.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26662.exe
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
        6⤵
        
        PID:15408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15408 -s 452
        7⤵
        Program crash
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48221.exe
        6⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52847.exe
        5⤵
        
        PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63195.exe
        5⤵
        
        PID:12852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
        5⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
        5⤵
        
        PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
        5⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
        5⤵
        
        PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2224.exe
      4⤵
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        5⤵
        
        PID:14896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37213.exe
      4⤵
      PID:11064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
      4⤵
      PID:14980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48365.exe
      4⤵
      PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        6⤵
        
        PID:14724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        5⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
        5⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51498.exe
      4⤵
      PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exe
        5⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63533.exe
        5⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26358.exe
        5⤵
        
        PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
      4⤵
      PID:8800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34534.exe
      4⤵
      PID:13544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7518.exe
      4⤵
      PID:16520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
      4⤵
      PID:6040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
    3⤵
    PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
      4⤵
      PID:8132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
      4⤵
      PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
      4⤵
      PID:13424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
      4⤵
      PID:8008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
    3⤵
    PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
      4⤵
      PID:14768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17984.exe
      4⤵
      PID:8004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43799.exe
    3⤵
    PID:10820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
    3⤵
    PID:14624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
    3⤵
    PID:8984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-276.exe
        6⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        7⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19862.exe
        7⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34904.exe
        6⤵
        
        PID:16332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        6⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
        5⤵
        
        PID:1052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 636
        6⤵
        Program crash
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        5⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        6⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        5⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        5⤵
        
        PID:13664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41876.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
        5⤵
        
        PID:544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45924.exe
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        7⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        7⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43238.exe
        7⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39005.exe
        7⤵
        
        PID:16520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
        6⤵
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
        6⤵
        
        PID:17176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54469.exe
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
        6⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33139.exe
        6⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
        5⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        5⤵
        
        PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61688.exe
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        5⤵
        
        PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        5⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
        5⤵
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31845.exe
        5⤵
        
        PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30513.exe
      4⤵
      PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        5⤵
        
        PID:13968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42356.exe
        5⤵
        
        PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
      4⤵
      PID:10972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
      4⤵
      PID:14632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
      4⤵
      PID:6588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1235.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30707.exe
        5⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        6⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64100.exe
        7⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe
        7⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        7⤵
        
        PID:17172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62664.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
        6⤵
        
        PID:12048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36722.exe
        6⤵
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
        6⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2768.exe
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe
        6⤵
        
        PID:16152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12747.exe
        5⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9818.exe
        5⤵
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6232.exe
        5⤵
        
        PID:16568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
      4⤵
      PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        5⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        6⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
        6⤵
        
        PID:17224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        6⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28109.exe
        5⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62545.exe
        5⤵
        
        PID:12664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        5⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        5⤵
        
        PID:7600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32077.exe
      4⤵
      PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
        5⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
        5⤵
        
        PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12747.exe
      4⤵
      PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53601.exe
      4⤵
      PID:12948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
      4⤵
      PID:16060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27798.exe
      4⤵
      PID:10392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38591.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
      4⤵
      PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41027.exe
        6⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30339.exe
        6⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
        5⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        5⤵
        
        PID:8328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32195.exe
        5⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50748.exe
        5⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
        5⤵
        
        PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
      4⤵
      PID:9760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
      4⤵
      PID:12708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17496.exe
      4⤵
      PID:16696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe
      4⤵
      PID:1276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
    3⤵
    PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10208.exe
      4⤵
      PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
      4⤵
      PID:10804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31827.exe
      4⤵
      PID:13648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61374.exe
      4⤵
      PID:7672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21847.exe
    3⤵
    PID:7496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-109.exe
    3⤵
    PID:5584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50038.exe
    3⤵
    PID:13976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
    3⤵
    PID:10032
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14953.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14953.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9117.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe
      4⤵
      Executes dropped EXE
      PID:808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
        5⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19425.exe
        6⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
        6⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37859.exe
        6⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        6⤵
        
        PID:17112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
        5⤵
        
        PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        5⤵
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        5⤵
        
        PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51549.exe
      4⤵
      PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
        5⤵
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60367.exe
        5⤵
        
        PID:16960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        5⤵
        
        PID:564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
      4⤵
      PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
      4⤵
      PID:11588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
      4⤵
      PID:15564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
      4⤵
      PID:716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
    3⤵
    PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60263.exe
        5⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-931.exe
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
        5⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        5⤵
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
      4⤵
      PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
      4⤵
      PID:10448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58173.exe
      4⤵
      PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26720.exe
      4⤵
      PID:5504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56360.exe
    3⤵
    PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
      4⤵
      PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
      4⤵
      PID:9300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36431.exe
      4⤵
      PID:13988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
      4⤵
      PID:17236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
      4⤵
      PID:8928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18948.exe
    3⤵
    PID:7196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
      4⤵
      PID:15656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
      4⤵
      PID:5548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
    3⤵
    PID:11072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
    3⤵
    PID:14608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
    3⤵
    PID:5764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39628.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39628.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32853.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
      4⤵
      PID:396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        6⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
        6⤵
        
        PID:16588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
        5⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48164.exe
      4⤵
      PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        5⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        5⤵
        
        PID:14328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18129.exe
        5⤵
        
        PID:16832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe
        5⤵
        
        PID:7956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
      4⤵
      PID:9124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
      4⤵
      PID:13400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe
      4⤵
      PID:6820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38938.exe
    3⤵
    PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe
      4⤵
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        5⤵
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30565.exe
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        5⤵
        
        PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
      4⤵
      PID:8708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
      4⤵
      PID:11688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12881.exe
      4⤵
      PID:16128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11424.exe
      4⤵
      PID:14144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30577.exe
    3⤵
    PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48353.exe
      4⤵
      PID:9484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
      4⤵
      PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
      4⤵
      PID:16720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
    3⤵
    PID:9172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
    3⤵
    PID:13508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
    3⤵
    PID:16408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
    3⤵
    PID:5576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31865.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31865.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
    3⤵
    PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5180.exe
      4⤵
      PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
      4⤵
      PID:12324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
      4⤵
      PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
    3⤵
    PID:7304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
    3⤵
    PID:11012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
    3⤵
    PID:14452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
    3⤵
    PID:16908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
    3⤵
    PID:11184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
  2⤵
  PID:5348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
    3⤵
    PID:5708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65191.exe
    3⤵
    PID:3156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
    3⤵
    PID:12544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
    3⤵
    PID:17204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
  2⤵
  PID:7504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
  2⤵
  PID:11048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60403.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60403.exe
  2⤵
  PID:14384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
  2⤵
  PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1052 -ip 1052
1⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 15408 -ip 15408
1⤵
PID:4952

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:7036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10903.exe

Filesize
468KB

MD5
064a4c3ebb3535bd40d88768e4c14ecf

SHA1
8bee913dc34065d085c7b13a1a515e2cc47fbf05

SHA256
eaccbf47c63a80ad133e976de3517a9ea05961d74e1ecda97dae354886c6cc9e

SHA512
b470eef6da0da9e14ec055f3c0e1d9ba487cca47562f82c1a7bc6713722e2673fd8319dfe120d79e23842075ca1d8f358a7c18b2a547eb1021bba7c0c3a22af2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1235.exe

Filesize
468KB

MD5
83936fe2f22d65a1cc916b0285a5655c

SHA1
cdfbac95fd0772896d488693dfbdffc4c2b1290f

SHA256
9e1c2758835fefd25d5af429a4b6823f418aca01499bd8ad373b793e29a8183d

SHA512
e46fd834ca009caa8ac4d483e0eb41e0fd0dff92a7c907d1ee2aab35ff00f5dd24d283e549abcd60c4aea80a73ba231f52557971ad69fb21564a708567208a45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe

Filesize
468KB

MD5
846d54974652d28fef78ce768e712dca

SHA1
7a91ca2a0c7dc1a77b33a0cc11b627eeca33681c

SHA256
a1a68646d7346feb0d66f53179e348725f0b951e48f8c58f4d09d63d1a7b0fb4

SHA512
947a65e2c8ce802487aa0b37b9ae7c330847f2d0425d2846791c6e3ca311fff4e8cc5ed0b7ebd64150d75c89f0af7637170cee5546dd6ac0ca0ed1ce404bd6a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14953.exe

Filesize
468KB

MD5
bdaf54dcdc27f689bb800a39c69ec7b8

SHA1
6989ee6e135dba9d471c1e23dcd0d76a3c426982

SHA256
b6941b12595121b91e500f1fa3d246eafdf1f066f3ed5a3aca18129c2f983927

SHA512
e565f62f27cd9522e6b734e29543971218725ef858a537d793791c7d9f3e4cd5765b82f3ceea3b895f5ee80fc04dc5541ee34ded2ca6f1e3d6ffaa2b14412881

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe

Filesize
468KB

MD5
20df292e6b0d8e80ffade26eaf537c9d

SHA1
5f0b0a6e1d9b0b67e4ca6f9e0d7e2fba66ac35ed

SHA256
0ec4f538c3fb116c23403f124712236f8faafc02bb80ce85345251c63449ad38

SHA512
c44880cc5a25e0de236cd42e96a7fbcd4c3c17151b26e9c6d6139d069825c26c1d910f32bc0c677ab90d73a3b2086516d6cbbc0fc940481a8825bb00dc2086d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19124.exe

Filesize
468KB

MD5
befdd2f60eef87cb718b491618b3238a

SHA1
6177a25e0fb33043f4eed7f0ae52518121384004

SHA256
446bdab015de24d9547677f6ea20214adbfecf7b7f011e93e29d9f3a075f3e28

SHA512
1f5e99664070d035b4bbdde80e7494ec34375faba4a7cf948c943cfd55e3c10e6c07e7a9badd2df00901ef5dd98580c1470a9ffa3dfd5b06836b922f287124b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe

Filesize
468KB

MD5
0e0dcef3c9d1e6627dd3f6923622836d

SHA1
2dde6c966bf2a70296729ba95e5f06f958579ee1

SHA256
be905d116b2a772b326ce9a74ca6add44fc681bc1d4d6809f7a6f9c90baaed61

SHA512
4e2530091c91606b0779d2b204a6650401521cacacb167621be92c18a6c2f2c8644e67cbbb9a9bee7d104ff404dbf71c3b2e88a4c122953f251226dab71f88b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe

Filesize
468KB

MD5
c07e59ebaad4908dfedd90210bec6ebe

SHA1
43d8605ad12ace0e1de8e97a33450f236ed1c946

SHA256
5b06bcbe672f5fc8f8088751ac883ca733bf56a70eed62842e78ec7d54bc7baf

SHA512
95c84bf76d13bd99fe9aba45cd6fbf6703381597a88bcbf207ef75d56cafba9b03a269839f500d5585fa785ff7f86d54218c7ad024cd8a88e30cf9a1747da1bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21812.exe

Filesize
468KB

MD5
c45e02934f6042397f94354da3d5518e

SHA1
7742b304125e89d09c043763c4a8034006f46db7

SHA256
9710957dc8878a7cfc6752fb902bba5309ff6578905f45f285f0de8829fa5953

SHA512
36c7df0f5d6a83fbd6de34a7a9f5dd5e3c923bf72db1548226d3e01048dd1eba26974ce4daa62f01983682f05c405e09f4c52871a2e76f001b7a5a9e9ed05a3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe

Filesize
468KB

MD5
b5375301af0436b7263b05ccee9559f8

SHA1
560955bd324fe53fd431a13263ea958aa31df4fb

SHA256
4e15b05596b398adb1d2b73bdc0108b4aa00cf12b353c8a0abf39c4514767ed6

SHA512
b772d2f1058a5c692c396038e1b6db8f92d35bedad8cef33231f0a5f6ff8c39f0ad1bfb101f885bb30305f6f8e3ecc5f3be52d9916bb3980ef99c3ab7cc9c607

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28983.exe

Filesize
468KB

MD5
1633e8b9a680a154b71e9bab07ef5c3a

SHA1
8cc9472973e543bb27b87c73c14038c437a293e6

SHA256
1f1e447066528fa5c647bd2f6a9f9688a3f8d3859c6ade01edef67bdbd16d547

SHA512
7d4cc0a2394e69ec89f59c3cb6ea9ade4506d40f36c627190475985fa45d4b250adfa257ce90a77890e73cabbf302d11064eb9ad2375211e4f3266fc081b54ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe

Filesize
468KB

MD5
aedd707c65cb601431c6c8b9002c5000

SHA1
3c9c701479771303708b3e04cf09647a25cb0f10

SHA256
34846e9f987492db2d9d638c22d8b9201fba827b98be694e9a400abf6c217c3e

SHA512
5d5136509c0fb40f0a34b4c340b3b8c0d22ccc662ba925699d9725b0b98c35e2c3f3f0604c48183b3362629e21c47ef0d0493a8adb7b4d7f10f7f714c3595bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe

Filesize
468KB

MD5
39dcf481daa039261939ced9babe86aa

SHA1
52844548f206be5d1e0d7670b1e6e9d09ee8af15

SHA256
9bc3ff1d1fdc07ddc437cbb26280d00d531f2f4bfd59b3d72f69445026aa170e

SHA512
c10dde4c7899b1ce87513b3629fbb299951b9ec9a8e53d94bc1b1f08bee4b8dda798493a44e63abc01e61146e8639b9306c72c343251e8079c99c906be10fa40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39628.exe

Filesize
468KB

MD5
fe501f0711e92c088b02ec89ef82f75f

SHA1
30bd4acdbe0498e687ea0fc0c434a95c6b8179e7

SHA256
f7b4ecb41cd7a48081e9dbe4fdb06241a6f6d8c70c00bff651d257fedb9d1bc6

SHA512
6c5117f6be1b87c17735fceef624cf5e4e02dc5b4c8bfaccc9ec40ef2cad2be9547cf52cf285378302729448934a575de92c0d18830c1c2de2adcb06a7ff9a0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe

Filesize
468KB

MD5
bfcb5f8610616d6638fe4fc5ccdce0ea

SHA1
aa667eed5a6cd8f06fe791769abe6d18002f3d75

SHA256
2c63d350aadb037de65a1f345fc9d494e27d72a840e1a93159deb14d7d768a54

SHA512
b01739f3bbe1fd26db02b3b9dc2aee809ff634624f690ea96029fdd75d4e2610ca645ca2b9391ef871af3a5dfc76f8a33fef0974f95e4993cd10bfada2842664

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe

Filesize
468KB

MD5
1edfd2fdf0e3ad99deda699b9aa48d95

SHA1
44b6530d9bc3cae4069280944457c7e96dc7c379

SHA256
16dfe083180a1f17fe82200ee9102f68ca064a4d6c456cafa6b552bd1e855236

SHA512
99ca43dd11857080bc9cc5ae1a909e5a5eee3578aa3f92426022aa62be0ffb77059210de36a42f0b6d172f004ec6a82f86c506f37f356a54b1f0bfb7ed01c0b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40628.exe

Filesize
468KB

MD5
c76ebc121930e0f1f818e92134435370

SHA1
9f904aa397e4f7e66bc628269112f68f81bb5d36

SHA256
6f88d3c4790c30db4411bf692174a79ed1b477b706501f7895e66cb19d54c338

SHA512
fc4fa930e028d0cc0c64a9858ff940135def5526882ffa49659d90d98ca6d6d9a3161e235ab06904904b3716c3c99546c0aac679e5c89dea3353bfecad3df028

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43319.exe

Filesize
468KB

MD5
dbc2170ade5c4a1faeba7096bfd854a9

SHA1
12bdbb46e42591bc85c538ebd86b53fb2ae7b616

SHA256
fdd3f975f09fdef3e9b65c5fc5382d09253d8b415f20d51b843a34d499a3707b

SHA512
0a7ce718a849fa68c4490f143bba1b38b98f7168bb68970cacf72f6334a0c4689845670bbe0da53f3fdc5f7c615e6bad6860910d80c11e40e10974b77018b5b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe

Filesize
468KB

MD5
0347f85886abd77a1a8dd13ab1131494

SHA1
b2ec7f9b51e5fb34bc089705de47b291df9feb0e

SHA256
4f542ce0db52532b314d3bd53c4869a79c29e71d7f416862574eb5499dc3207b

SHA512
e147d6951511620f306cd64d1ea5d1c05d1e7a84a5f10658b7fea1913a0d826c497808345131d54f1758e501a75059bb40045a3454ce8cf6f1d7374b07d05584

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe

Filesize
468KB

MD5
22134c3c94ec457a1cd91f4b4b13ad13

SHA1
ebfd0793f3a158026c7f3afecc44f6e4adbb6c3f

SHA256
09c8bd87d1ce0537e3af2cbb23c5d09ff5cb51de3d1c9215e71cd8bd76e7231b

SHA512
fac90d004f4a115866cc55b370f3a01370efd96c5313f5bf11d9a5827af0db12dd0fe7e4fe6fd6e59918c423b4c355dabdf4775972971ed64e2f956c0151ac89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe

Filesize
468KB

MD5
d00ef57c5ed99aa48fbf518e7bbb76ab

SHA1
7aa1deb1fdcf8e16ba228f2794c4f156548e5d4c

SHA256
00cc1326b594dfca1432877e6d20c3020a69cbd71cc312ecc917033a10819dee

SHA512
891da5c94d43e9602d67e6433a634cc89d8af356b1642a0b48fd4de6c4d0fe590f2d797ae1b96c912eb39882b2d89dcc9ea3ab37228985795c116ccfc84407fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe

Filesize
468KB

MD5
a0616fcde3f2e28ed8fa9d64a1ef559a

SHA1
65842b372fa942d12839230f467c930f52a1f2f1

SHA256
35ec2fbbd26a4bd87392e990fd3e0c4d6dc96d19c7d5203bdfb63b003658536f

SHA512
bcc0d09c01f5e490c07efd8b91ad0c995cfe6666513c17f264cebcfebf3504486cbb58d70a17f3838b5f1576210359f7e1ceb63fc51fc1028ad6c9deb0e323d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe

Filesize
468KB

MD5
b8d7479c694045070e82ab2978b54f46

SHA1
e4a5f638729a4703276cdae492f2eb9ee9967a74

SHA256
dfb6bb95fb207ed0447e35f6fdaa211b587bc526890068a81a4a347d8d917cc4

SHA512
1710de243d2baec539559529265f039421444d44c72e7a3a6a3e8ddc7de916d91cb34e3584c5c48b9c0a7a153663f3537e6709da5b87932ec579d0cac77142e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe

Filesize
468KB

MD5
34b62380cb6359770c084ff7b3c4e80d

SHA1
e4cdfc9218e9d51283f5f2d85e734e3e99bcd1b0

SHA256
858642245cc0636300529980f3886565d2dbc9820e2dc41a0708719ac8e591a9

SHA512
f683103a59d6587390ebc6e8cca0a9fbe9d418e498f2024755742303eafd5628d29fbc202144862acd73c41fd377840c2abaff90167a31800e7ae197d894d614

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59632.exe

Filesize
468KB

MD5
0d1f0713fbf29c67305554d40abc7487

SHA1
76544f47f61b25237f858e43120e2b92b94f9253

SHA256
9484848a4a1d1453465ec9b940d6dcfb1d76bfd856722ecb00418c65a59e52ff

SHA512
48ff3e28eee7afa0b3ea124860b3da95b50ce32438dfb61caa78c525fbff383ee7056cd11106494a0b66c7a96f9f4a426396eace3a08c5e11f342f088fe588b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe

Filesize
468KB

MD5
9c911b81dc3be23a3ee9fdc75111bbeb

SHA1
e9990a208b70e1ea204b32426e2efbe42c09aa92

SHA256
b890ba1205826be28104fbce9cde8053b73fe8e7054ba31dd4b306db0845e55c

SHA512
a2dbbe8d3d05e5f48b7ac30dfb33ba554a467e3d2db85300dd08a5ee4fb0b73776fafdb401ba66cf8eaa2491a4982253b523a9b543d8b9d3a232abd9f91889bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe

Filesize
468KB

MD5
a0b76f2cb99bc2585a8c8e2a79abee25

SHA1
a42ae83634bef0b4b8ebea704312590ea789378a

SHA256
8683075a4949b45fba08d8b87fb4a7c3dea1a03dba079cfc6c6c69e0ffc1fd0f

SHA512
bf87f2842ee6b8f29707e9b15a0b3ba26e8d9c30f1511b7ad201c33293398271c98eb1a63908eb03224f4314b52b05d26eb6d51e2ef9eb3a69f98fe127f8b8a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64798.exe

Filesize
468KB

MD5
2b393dfe009fede34e2d72ef496d237a

SHA1
52f34ba30fdb4e45e7a9cc0ed80751747c55a28e

SHA256
1298151f9a6139dacd28a318cb391ea9d5ce4e9376873af1a27fd7a23deb3be5

SHA512
3b0e57b860087dcfa7b9e566a50ca0cdc70c5ef9762914206eedcdf3dc8401f0f5aa543abb995cd7edc1036f6ceee23d4d5f2bb7ecd12db62361ee05e66c441e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe

Filesize
468KB

MD5
0bedef9f6fb962314a59b89c3fec16bd

SHA1
5fdef157580654fe9abe6e7d386f3777a0f794a3

SHA256
1541d1327cfc7b9b6c3c5481b25b21a9f2529fae4ae4f69e9457b570f7b8e6a5

SHA512
2f8dcfe18fa65885518aee407701660e19ef1a22e470a7372ef201ee4d2c8023f0890b09c581a229b3fb887698fdefc3c043b93b25491ae41b253e59b8790d16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9088.exe

Filesize
468KB

MD5
0e34ba71803e08a6fe5c2c2835edf302

SHA1
befed3938fbd892b80c9173d512640ba683d2670

SHA256
2e3049a595f07023b742651be6aaae594c7f7463959a0ec9ee7b7c9b1620a1e9

SHA512
787d46d7aa37460a8a45764bf230d62f296b5c1f2f7af8f706ff6da3be18394aebd793a845886be089a5b5bd9cee442226230a508877b07c42803dd35a788275

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9117.exe

Filesize
468KB

MD5
1adecbb887b5375bc37078ff885cec46

SHA1
c1e62a281f90e62d6520b36ec68182b08efda5b0

SHA256
8f67875f6249c0cee34395a3af9598e3c5c52bd7ead5e6288df6c4c232d62c8c

SHA512
2acd884d8b47dd5f3b77feb56df83b41a7630b95cf29d89941aace26daa916a32dde20f6076bde6068565be41ab62805d5bf0432cd155f087765ca44ac92093c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe

Filesize
468KB

MD5
485b9207b1546eb2679b1908c05e8d4c

SHA1
96b6e37510089d4766dc428609c68c1b58c165c2

SHA256
5b4c30e329d943194681ca3ce6dfa99e975ed7db990eae78ea8ba2170fd15093

SHA512
aca8366a753c03b0010bbfe5a72a507c5ade770fabaa93191aacf73bc42469a72efeaa179a3f243e6ab6a4416c0b1dc6074e4d3dcccaa48d4e961cab9930da0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe

Filesize
468KB

MD5
e2682613cc5fb5085bb00f62d18b7730

SHA1
b6b86702dc620585d8d6d86442fb063924db8a85

SHA256
699a76f13f2321d9664b279429b10418dbf08d398304d2cb66dc8301eccb15b0

SHA512
11970741f96209a8b86049df949d50d67d3a2c163beae1efc7f4445f5a608cd2b7c9efc16c23faaf382c1a421a030a36d1f7af8c5ae7e2eeac1ea53df3dbf701

Download Submit
memory/3908-2840-0x0000000075750000-0x0000000075809000-memory.dmp

Filesize
740KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads