15f79e92df020ec5658bd2813be6be4cf4c36326d9e16c3babfcb3334a26a68e

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 04:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b77acee30c7162209a007924d1bf540_NeikiAnalytics.exe
Size

184KB
MD5

6b77acee30c7162209a007924d1bf540
SHA1

5374d15ef32815b2f531167d822c4fe64a1a50b0
SHA256

15f79e92df020ec5658bd2813be6be4cf4c36326d9e16c3babfcb3334a26a68e
SHA512

d4c152b8e176663528243c94ef353b2bee3cd33e1bfe8dca7bda96b846199279832c871d6d3c7a969852913be9625f739a1562936de30a21a522c2a9dff27d83
SSDEEP

3072:pQSd6HconSNqld+3XWH3fttx9lvnqnviuU:pQSHopD+3Sf/x9lPqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4588	Unicorn-33890.exe
3760	Unicorn-4881.exe
4280	Unicorn-50553.exe
4684	Unicorn-50050.exe
2924	Unicorn-17378.exe
4956	Unicorn-63049.exe
2140	Unicorn-60448.exe
4408	Unicorn-20850.exe
4680	Unicorn-408.exe
4668	Unicorn-53138.exe
2676	Unicorn-49033.exe
4676	Unicorn-3361.exe
1976	Unicorn-62960.exe
1156	Unicorn-52754.exe
4120	Unicorn-19816.exe
2908	Unicorn-37874.exe
4136	Unicorn-63426.exe
3204	Unicorn-56130.exe
1276	Unicorn-22690.exe
1284	Unicorn-19352.exe
4760	Unicorn-415.exe
1936	Unicorn-38642.exe
4468	Unicorn-57474.exe
4508	Unicorn-57209.exe
3244	Unicorn-8465.exe
2888	Unicorn-54137.exe
1596	Unicorn-32399.exe
396	Unicorn-41330.exe
2864	Unicorn-21211.exe
4892	Unicorn-50960.exe
4568	Unicorn-20888.exe
4456	Unicorn-33842.exe
2720	Unicorn-33842.exe
5008	Unicorn-46841.exe
736	Unicorn-60576.exe
668	Unicorn-15835.exe
2776	Unicorn-6234.exe
5068	Unicorn-6234.exe
4644	Unicorn-22440.exe
624	Unicorn-19455.exe
3860	Unicorn-8481.exe
4620	Unicorn-8481.exe
3596	Unicorn-21672.exe
3768	Unicorn-50754.exe
4140	Unicorn-57225.exe
4932	Unicorn-26738.exe
2224	Unicorn-22632.exe
3684	Unicorn-9306.exe
1288	Unicorn-45186.exe
1444	Unicorn-28850.exe
4908	Unicorn-41848.exe
4828	Unicorn-22911.exe
1152	Unicorn-65529.exe
3636	Unicorn-61714.exe
3044	Unicorn-8600.exe
2760	Unicorn-57801.exe
1580	Unicorn-36248.exe
4612	Unicorn-12129.exe
4236	Unicorn-38864.exe
1588	Unicorn-12129.exe
1680	Unicorn-11937.exe
3332	Unicorn-44729.exe
2692	Unicorn-36738.exe
2476	Unicorn-4065.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
6340	5760	WerFault.exe	202
6404	2420	WerFault.exe	159
7320	6696	WerFault.exe	259
8456	6696	WerFault.exe	259
8704	9084	WerFault.exe	409
13568	5596	WerFault.exe	273
12888	3544	Process not Found	1044

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
13256	Process not Found
10476	Process not Found
14456	Process not Found
1484	Process not Found
15156	Process not Found
15108	Process not Found
15184	Process not Found
15280	Process not Found
11464	Process not Found
13576	Process not Found
13480	Process not Found
13276	Process not Found
15176	Process not Found
14472	Process not Found
12880	Process not Found
792	Process not Found
14284	Process not Found
14512	Process not Found
14572	Process not Found
10680	Process not Found
5972	Process not Found
11036	Process not Found
14452	Process not Found
13520	Process not Found
6068	Process not Found
3692	Process not Found
11524	Process not Found
13728	Process not Found
9164	Process not Found
14600	Process not Found
816	Process not Found
824	Process not Found
1204	Process not Found
7244	Process not Found
14584	Process not Found
12356	Process not Found
1020	Process not Found
11612	Process not Found
11044	Process not Found
5592	Process not Found
14800	Process not Found
10984	Process not Found
15060	Process not Found
15160	Process not Found
14288	Process not Found
14836	Process not Found
15200	Process not Found
15068	Process not Found
15064	Process not Found
9192	Process not Found
7860	Process not Found
13672	Process not Found
15340	Process not Found
15140	Process not Found
15100	Process not Found
14796	Process not Found
15356	Process not Found
14792	Process not Found
14912	Process not Found
12296	Process not Found
15248	Process not Found
14136	Process not Found
1952	Process not Found
15380	Process not Found

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3960	dwm.exe
Token: SeChangeNotifyPrivilege	3960	dwm.exe
Token: 33	3960	dwm.exe
Token: SeIncBasePriorityPrivilege	3960	dwm.exe
Token: SeCreateGlobalPrivilege	9240	dwm.exe
Token: SeChangeNotifyPrivilege	9240	dwm.exe
Token: 33	9240	dwm.exe
Token: SeIncBasePriorityPrivilege	9240	dwm.exe
Token: SeCreateGlobalPrivilege	13540	Process not Found
Token: SeChangeNotifyPrivilege	13540	Process not Found
Token: 33	13540	Process not Found
Token: SeIncBasePriorityPrivilege	13540	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
996	6b77acee30c7162209a007924d1bf540_NeikiAnalytics.exe
4588	Unicorn-33890.exe
4280	Unicorn-50553.exe
3760	Unicorn-4881.exe
4684	Unicorn-50050.exe
4956	Unicorn-63049.exe
2924	Unicorn-17378.exe
2140	Unicorn-60448.exe
4408	Unicorn-20850.exe
4680	Unicorn-408.exe
4668	Unicorn-53138.exe
1156	Unicorn-52754.exe
1976	Unicorn-62960.exe
4120	Unicorn-19816.exe
2676	Unicorn-49033.exe
4676	Unicorn-3361.exe
2908	Unicorn-37874.exe
4136	Unicorn-63426.exe
3204	Unicorn-56130.exe
1276	Unicorn-22690.exe
1284	Unicorn-19352.exe
4760	Unicorn-415.exe
1936	Unicorn-38642.exe
4508	Unicorn-57209.exe
4468	Unicorn-57474.exe
2864	Unicorn-21211.exe
3244	Unicorn-8465.exe
396	Unicorn-41330.exe
2888	Unicorn-54137.exe
1596	Unicorn-32399.exe
4568	Unicorn-20888.exe
4892	Unicorn-50960.exe
2720	Unicorn-33842.exe
4456	Unicorn-33842.exe
736	Unicorn-60576.exe
5008	Unicorn-46841.exe
668	Unicorn-15835.exe
2776	Unicorn-6234.exe
5068	Unicorn-6234.exe
4644	Unicorn-22440.exe
624	Unicorn-19455.exe
3860	Unicorn-8481.exe
4620	Unicorn-8481.exe
3596	Unicorn-21672.exe
3768	Unicorn-50754.exe
4140	Unicorn-57225.exe
4932	Unicorn-26738.exe
2224	Unicorn-22632.exe
1288	Unicorn-45186.exe
4908	Unicorn-41848.exe
1444	Unicorn-28850.exe
3684	Unicorn-9306.exe
1152	Unicorn-65529.exe
2760	Unicorn-57801.exe
3636	Unicorn-61714.exe
4828	Unicorn-22911.exe
3044	Unicorn-8600.exe
1580	Unicorn-36248.exe
3332	Unicorn-44729.exe
1588	Unicorn-12129.exe
4236	Unicorn-38864.exe
4612	Unicorn-12129.exe
1680	Unicorn-11937.exe
2476	Unicorn-4065.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 4588	996	6b77acee30c7162209a007924d1bf540_NeikiAnalytics.exe	88
PID 996 wrote to memory of 4588	996	6b77acee30c7162209a007924d1bf540_NeikiAnalytics.exe	88
PID 996 wrote to memory of 4588	996	6b77acee30c7162209a007924d1bf540_NeikiAnalytics.exe	88
PID 4588 wrote to memory of 3760	4588	Unicorn-33890.exe	91
PID 4588 wrote to memory of 3760	4588	Unicorn-33890.exe	91
PID 4588 wrote to memory of 3760	4588	Unicorn-33890.exe	91
PID 996 wrote to memory of 4280	996	6b77acee30c7162209a007924d1bf540_NeikiAnalytics.exe	92
PID 996 wrote to memory of 4280	996	6b77acee30c7162209a007924d1bf540_NeikiAnalytics.exe	92
PID 996 wrote to memory of 4280	996	6b77acee30c7162209a007924d1bf540_NeikiAnalytics.exe	92
PID 3760 wrote to memory of 4684	3760	Unicorn-4881.exe	94
PID 3760 wrote to memory of 4684	3760	Unicorn-4881.exe	94
PID 3760 wrote to memory of 4684	3760	Unicorn-4881.exe	94
PID 4280 wrote to memory of 2924	4280	Unicorn-50553.exe	95
PID 4280 wrote to memory of 2924	4280	Unicorn-50553.exe	95
PID 4280 wrote to memory of 2924	4280	Unicorn-50553.exe	95
PID 4588 wrote to memory of 4956	4588	Unicorn-33890.exe	96
PID 4588 wrote to memory of 4956	4588	Unicorn-33890.exe	96
PID 4588 wrote to memory of 4956	4588	Unicorn-33890.exe	96
PID 996 wrote to memory of 2140	996	6b77acee30c7162209a007924d1bf540_NeikiAnalytics.exe	97
PID 996 wrote to memory of 2140	996	6b77acee30c7162209a007924d1bf540_NeikiAnalytics.exe	97
PID 996 wrote to memory of 2140	996	6b77acee30c7162209a007924d1bf540_NeikiAnalytics.exe	97
PID 4684 wrote to memory of 4408	4684	Unicorn-50050.exe	100
PID 4684 wrote to memory of 4408	4684	Unicorn-50050.exe	100
PID 4684 wrote to memory of 4408	4684	Unicorn-50050.exe	100
PID 3760 wrote to memory of 4680	3760	Unicorn-4881.exe	101
PID 3760 wrote to memory of 4680	3760	Unicorn-4881.exe	101
PID 3760 wrote to memory of 4680	3760	Unicorn-4881.exe	101
PID 2924 wrote to memory of 4668	2924	Unicorn-17378.exe	102
PID 2924 wrote to memory of 4668	2924	Unicorn-17378.exe	102
PID 2924 wrote to memory of 4668	2924	Unicorn-17378.exe	102
PID 4280 wrote to memory of 2676	4280	Unicorn-50553.exe	103
PID 4280 wrote to memory of 2676	4280	Unicorn-50553.exe	103
PID 4280 wrote to memory of 2676	4280	Unicorn-50553.exe	103
PID 4956 wrote to memory of 4676	4956	Unicorn-63049.exe	104
PID 4956 wrote to memory of 4676	4956	Unicorn-63049.exe	104
PID 4956 wrote to memory of 4676	4956	Unicorn-63049.exe	104
PID 4588 wrote to memory of 1976	4588	Unicorn-33890.exe	105
PID 4588 wrote to memory of 1976	4588	Unicorn-33890.exe	105
PID 4588 wrote to memory of 1976	4588	Unicorn-33890.exe	105
PID 2140 wrote to memory of 1156	2140	Unicorn-60448.exe	106
PID 2140 wrote to memory of 1156	2140	Unicorn-60448.exe	106
PID 2140 wrote to memory of 1156	2140	Unicorn-60448.exe	106
PID 996 wrote to memory of 4120	996	6b77acee30c7162209a007924d1bf540_NeikiAnalytics.exe	107
PID 996 wrote to memory of 4120	996	6b77acee30c7162209a007924d1bf540_NeikiAnalytics.exe	107
PID 996 wrote to memory of 4120	996	6b77acee30c7162209a007924d1bf540_NeikiAnalytics.exe	107
PID 4408 wrote to memory of 2908	4408	Unicorn-20850.exe	108
PID 4408 wrote to memory of 2908	4408	Unicorn-20850.exe	108
PID 4408 wrote to memory of 2908	4408	Unicorn-20850.exe	108
PID 4684 wrote to memory of 4136	4684	Unicorn-50050.exe	109
PID 4684 wrote to memory of 4136	4684	Unicorn-50050.exe	109
PID 4684 wrote to memory of 4136	4684	Unicorn-50050.exe	109
PID 4668 wrote to memory of 3204	4668	Unicorn-53138.exe	110
PID 4668 wrote to memory of 3204	4668	Unicorn-53138.exe	110
PID 4668 wrote to memory of 3204	4668	Unicorn-53138.exe	110
PID 4680 wrote to memory of 1276	4680	Unicorn-408.exe	111
PID 4680 wrote to memory of 1276	4680	Unicorn-408.exe	111
PID 4680 wrote to memory of 1276	4680	Unicorn-408.exe	111
PID 2924 wrote to memory of 1284	2924	Unicorn-17378.exe	112
PID 2924 wrote to memory of 1284	2924	Unicorn-17378.exe	112
PID 2924 wrote to memory of 1284	2924	Unicorn-17378.exe	112
PID 3760 wrote to memory of 4760	3760	Unicorn-4881.exe	113
PID 3760 wrote to memory of 4760	3760	Unicorn-4881.exe	113
PID 3760 wrote to memory of 4760	3760	Unicorn-4881.exe	113
PID 1976 wrote to memory of 1936	1976	Unicorn-62960.exe	114

C:\Users\Admin\AppData\Local\Temp\6b77acee30c7162209a007924d1bf540_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b77acee30c7162209a007924d1bf540_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:996
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4881.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        8⤵
        Executes dropped EXE
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        9⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14961.exe
        10⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
        11⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        11⤵
        
        PID:18124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
        11⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34248.exe
        10⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        10⤵
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6045.exe
        10⤵
        
        PID:18012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8360.exe
        9⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5432.exe
        9⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        9⤵
        
        PID:18280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        9⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
        8⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        9⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20600.exe
        9⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23794.exe
        9⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16211.exe
        9⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
        8⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
        8⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        7⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
        8⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        9⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
        9⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38886.exe
        9⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58048.exe
        8⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2744.exe
        8⤵
        
        PID:13112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
        8⤵
        
        PID:16912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe
        8⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52144.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
        8⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        8⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        8⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38786.exe
        8⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        7⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
        7⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
        7⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36354.exe
        7⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7729.exe
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        9⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        9⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14959.exe
        9⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29284.exe
        9⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        8⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46560.exe
        8⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39275.exe
        8⤵
        
        PID:18200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
        8⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35393.exe
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57632.exe
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
        8⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        8⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        7⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25039.exe
        7⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25181.exe
        7⤵
        
        PID:18332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe
        7⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60379.exe
        8⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
        9⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        9⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        9⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        8⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
        8⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48452.exe
        8⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
        7⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5432.exe
        7⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
        7⤵
        
        PID:16904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6069.exe
        7⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        7⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
        8⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        8⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
        8⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        7⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14959.exe
        7⤵
        
        PID:14488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        7⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
        6⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
        6⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
        6⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
        6⤵
        
        PID:8
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-360.exe
        8⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
        9⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        9⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        9⤵
        
        PID:17736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16097.exe
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
        8⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19071.exe
        8⤵
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7473.exe
        8⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        8⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe
        8⤵
        
        PID:16884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
        8⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41049.exe
        7⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39056.exe
        7⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59068.exe
        7⤵
        
        PID:17456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        6⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
        7⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        8⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
        9⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe
        9⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40222.exe
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2344.exe
        8⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
        8⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        7⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        7⤵
        
        PID:17060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        7⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4095.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        7⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        7⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        7⤵
        
        PID:17080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7107.exe
        7⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
        6⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        6⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        6⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60576.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-474.exe
        6⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 636
        7⤵
        Program crash
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24952.exe
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        7⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        7⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        7⤵
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        6⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
        6⤵
        
        PID:16692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52617.exe
        5⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21752.exe
        8⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        8⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
        8⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30273.exe
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
        7⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        7⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        6⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        6⤵
        
        PID:11860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14299.exe
        6⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        6⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32674.exe
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        7⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        7⤵
        
        PID:18048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9107.exe
        7⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
        6⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
        6⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8747.exe
        6⤵
        
        PID:17536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
        5⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41303.exe
        5⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7062.exe
        5⤵
        
        PID:16908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        5⤵
        
        PID:11356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22690.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3079.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        8⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        9⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
        10⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        10⤵
        
        PID:16536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        10⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
        9⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        9⤵
        
        PID:16360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7432.exe
        9⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        8⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        8⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46204.exe
        8⤵
        
        PID:15680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
        8⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24952.exe
        7⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63778.exe
        8⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
        9⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
        8⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23794.exe
        8⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
        8⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61609.exe
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43664.exe
        7⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13790.exe
        7⤵
        
        PID:17112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20271.exe
        7⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        6⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        8⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
        8⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
        8⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        8⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        7⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
        7⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        7⤵
        
        PID:16760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56434.exe
        7⤵
        
        PID:17728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        6⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        7⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19749.exe
        8⤵
        
        PID:15916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        7⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
        7⤵
        
        PID:16084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
        6⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        6⤵
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
        6⤵
        
        PID:15872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29058.exe
        6⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8625.exe
        8⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
        9⤵
        
        PID:16448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        8⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
        8⤵
        
        PID:16092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50223.exe
        8⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29761.exe
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        7⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
        7⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55924.exe
        7⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57794.exe
        6⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41314.exe
        7⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
        7⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
        7⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
        7⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        6⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
        6⤵
        
        PID:17936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56434.exe
        6⤵
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        6⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        7⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        7⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        7⤵
        
        PID:17796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
        7⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe
        6⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        6⤵
        
        PID:13756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18731.exe
        6⤵
        
        PID:17424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        6⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
        6⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
        6⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31906.exe
        6⤵
        
        PID:18100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16097.exe
        6⤵
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56745.exe
        5⤵
        
        PID:14344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1045.exe
        5⤵
        
        PID:18196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        6⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8536.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54722.exe
        8⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        8⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
        7⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25817.exe
        7⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
        7⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
        6⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
        7⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
        7⤵
        
        PID:16924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14415.exe
        6⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57202.exe
        7⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        7⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        7⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43481.exe
        6⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        6⤵
        
        PID:16400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe
        6⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25720.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
        7⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14578.exe
        7⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11363.exe
        7⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        6⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
        6⤵
        
        PID:14052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4315.exe
        6⤵
        
        PID:17540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29117.exe
        6⤵
        
        PID:11344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe
        5⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        6⤵
        
        PID:14780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
        6⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        5⤵
        
        PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18303.exe
        5⤵
        
        PID:13856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        5⤵
        
        PID:18012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51709.exe
        5⤵
        
        PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe
        7⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30232.exe
        7⤵
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65139.exe
        7⤵
        
        PID:17916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
        7⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37824.exe
        6⤵
        
        PID:13564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        6⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe
        6⤵
        
        PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6424.exe
        5⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        6⤵
        
        PID:13392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe
        6⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
        6⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        5⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16849.exe
        5⤵
        
        PID:14916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55012.exe
        5⤵
        
        PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55104.exe
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51170.exe
        5⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        6⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        6⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        6⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39943.exe
        6⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe
        5⤵
        
        PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        5⤵
        
        PID:13748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18731.exe
        5⤵
        
        PID:17416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
      4⤵
      PID:6696
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 468
        5⤵
        Program crash
        
        PID:7320
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 420
        5⤵
        Program crash
        
        PID:8456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
      4⤵
      PID:9744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33239.exe
      4⤵
      PID:13984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
      4⤵
      PID:17556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
      4⤵
      PID:2028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3361.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41864.exe
        6⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        7⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
        8⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        8⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        8⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19704.exe
        7⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23583.exe
        7⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        7⤵
        
        PID:17100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe
        7⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        6⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
        7⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62345.exe
        7⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
        7⤵
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64784.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18299.exe
        6⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        6⤵
        
        PID:18204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8600.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15521.exe
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62345.exe
        8⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31906.exe
        8⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
        7⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        7⤵
        
        PID:12396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        7⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
        6⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
        7⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        7⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16079.exe
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        6⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6202.exe
        6⤵
        
        PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17167.exe
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        6⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
        6⤵
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23794.exe
        6⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        6⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57426.exe
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15227.exe
        5⤵
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe
        5⤵
        
        PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20888.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12129.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62939.exe
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64914.exe
        7⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        8⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe
        8⤵
        
        PID:16764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        8⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9640.exe
        7⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
        7⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        7⤵
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        6⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20498.exe
        7⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56780.exe
        7⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        7⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44009.exe
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        6⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        5⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe
        6⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        7⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47737.exe
        7⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14243.exe
        7⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
        6⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
        6⤵
        
        PID:14732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29117.exe
        6⤵
        
        PID:11160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
        5⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
        5⤵
        
        PID:228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        5⤵
        
        PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38864.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41842.exe
        7⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
        7⤵
        
        PID:18296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7693.exe
        7⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        6⤵
        
        PID:10904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        6⤵
        
        PID:14828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16211.exe
        6⤵
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57945.exe
        5⤵
        
        PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59106.exe
        5⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
        5⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53037.exe
        5⤵
        
        PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6888.exe
      4⤵
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        5⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        5⤵
        
        PID:12988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        5⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29921.exe
        5⤵
        
        PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
      4⤵
      PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
      4⤵
      PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48629.exe
      4⤵
      PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1604.exe
      4⤵
      PID:9212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62960.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23090.exe
        6⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        7⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8625.exe
        8⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        9⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        9⤵
        
        PID:18104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48386.exe
        9⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
        8⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14962.exe
        8⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        7⤵
        
        PID:18320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15663.exe
        7⤵
        
        PID:14016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        6⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        7⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        7⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32242.exe
        7⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
        6⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
        6⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41955.exe
        6⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22182.exe
        6⤵
        
        PID:10092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
        5⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        6⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        7⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
        7⤵
        
        PID:16876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        7⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
        6⤵
        
        PID:15332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60644.exe
        6⤵
        
        PID:18328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
        6⤵
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
        5⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        6⤵
        
        PID:12860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe
        6⤵
        
        PID:16996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        6⤵
        
        PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18552.exe
        5⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        5⤵
        
        PID:17688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
        5⤵
        
        PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        6⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        7⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        7⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32242.exe
        7⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47961.exe
        6⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        6⤵
        
        PID:18304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-972.exe
        6⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        6⤵
        
        PID:11628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        6⤵
        
        PID:17048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        6⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23375.exe
        5⤵
        
        PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16081.exe
        5⤵
        
        PID:15240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56434.exe
        5⤵
        
        PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28217.exe
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        5⤵
        
        PID:11892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56764.exe
        5⤵
        
        PID:15436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
        5⤵
        
        PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
      4⤵
      PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
      4⤵
      PID:11724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
      4⤵
      PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
      4⤵
      PID:1796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63707.exe
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15521.exe
        6⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5448.exe
        7⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        7⤵
        
        PID:18132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe
        7⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
        6⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7912.exe
        6⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
        6⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        5⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
        5⤵
        
        PID:11900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
        5⤵
        
        PID:388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
        5⤵
        
        PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
      4⤵
      PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65138.exe
        6⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        6⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36198.exe
        6⤵
        
        PID:16892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6179.exe
        6⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        5⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
        5⤵
        
        PID:12548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28924.exe
        5⤵
        
        PID:18092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
      4⤵
      PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
      4⤵
      PID:11536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12162.exe
      4⤵
      PID:16164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
      4⤵
      PID:8916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
      4⤵
      PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29362.exe
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19803.exe
        6⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        6⤵
        
        PID:18180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
        6⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        5⤵
        
        PID:14192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
        5⤵
        
        PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6424.exe
      4⤵
      PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        5⤵
        
        PID:9264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62537.exe
        5⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8339.exe
        5⤵
        
        PID:6812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
      4⤵
      PID:8168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16849.exe
      4⤵
      PID:14932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-82.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-82.exe
      4⤵
      PID:17584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
    3⤵
    PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
      4⤵
      PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53986.exe
        5⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
        5⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe
        5⤵
        
        PID:16856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39787.exe
        5⤵
        
        PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
      4⤵
      PID:8756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
      4⤵
      PID:12964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
      4⤵
      PID:17152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
      4⤵
      PID:6288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
    3⤵
    PID:7880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
    3⤵
    PID:11204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9267.exe
    3⤵
    PID:14776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe
    3⤵
    PID:3752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15835.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58274.exe
        8⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-602.exe
        9⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe
        9⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        9⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe
        9⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30913.exe
        8⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
        8⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        8⤵
        
        PID:18312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        8⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-552.exe
        7⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3057.exe
        8⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
        8⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
        8⤵
        
        PID:18208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        8⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        7⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
        7⤵
        
        PID:12828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25618.exe
        7⤵
        
        PID:17132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3206.exe
        7⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        6⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40440.exe
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
        8⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe
        9⤵
        
        PID:16988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46532.exe
        9⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        8⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        8⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
        7⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        7⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
        7⤵
        
        PID:16512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
        7⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
        6⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17650.exe
        7⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        7⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2024.exe
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31608.exe
        6⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21003.exe
        6⤵
        
        PID:15820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64200.exe
        6⤵
        
        PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22440.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        6⤵
        
        PID:508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27330.exe
        7⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38002.exe
        9⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12262.exe
        9⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2344.exe
        8⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
        8⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe
        8⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17499.exe
        8⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24845.exe
        8⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        7⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        7⤵
        
        PID:17072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40931.exe
        7⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        6⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        7⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60236.exe
        7⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe
        7⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        6⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        6⤵
        
        PID:14560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23644.exe
        6⤵
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17727.exe
        5⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        6⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
        7⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
        7⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3242.exe
        7⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
        6⤵
        
        PID:15260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        6⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52057.exe
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe
        6⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38886.exe
        6⤵
        
        PID:15712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        6⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6815.exe
        5⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
        5⤵
        
        PID:12248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33928.exe
        5⤵
        
        PID:16492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        5⤵
        
        PID:18088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        6⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        7⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15016.exe
        7⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10104.exe
        7⤵
        
        PID:15344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
        7⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
        7⤵
        
        PID:13504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        7⤵
        
        PID:18152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
        7⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        6⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59440.exe
        6⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35181.exe
        6⤵
        
        PID:7356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
        5⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        6⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
        7⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
        7⤵
        
        PID:17632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe
        7⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        6⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
        6⤵
        
        PID:15312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60644.exe
        6⤵
        
        PID:18220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe
        6⤵
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57634.exe
        6⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27618.exe
        7⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32669.exe
        7⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
        6⤵
        
        PID:11552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
        6⤵
        
        PID:16932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        6⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41792.exe
        5⤵
        
        PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
        5⤵
        
        PID:12560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34810.exe
        5⤵
        
        PID:18172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19455.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
        5⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27330.exe
        6⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        7⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        8⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        8⤵
        
        PID:17028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        8⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        7⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        7⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
        6⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        6⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        6⤵
        
        PID:17092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46323.exe
        6⤵
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47264.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11713.exe
        6⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        6⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        6⤵
        
        PID:17768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
        6⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
        5⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        5⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        5⤵
        
        PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        5⤵
        
        PID:760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45321.exe
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
        6⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        6⤵
        
        PID:10868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        6⤵
        
        PID:15992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        6⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35272.exe
        5⤵
        
        PID:9084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 212
        6⤵
        Program crash
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21071.exe
        5⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
        5⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21654.exe
        5⤵
        
        PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6207.exe
      4⤵
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        5⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        5⤵
        
        PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
      4⤵
      PID:9772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25570.exe
      4⤵
      PID:14240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10619.exe
      4⤵
      PID:3160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41330.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11937.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        6⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 236
        7⤵
        Program crash
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22392.exe
        6⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53884.exe
        6⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
        6⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        7⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        7⤵
        
        PID:17032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        7⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        6⤵
        
        PID:16016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        5⤵
        
        PID:12376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39267.exe
        5⤵
        
        PID:16652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
        5⤵
        
        PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
        6⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5448.exe
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        7⤵
        
        PID:18112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        7⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29951.exe
        6⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        6⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21903.exe
        5⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
        5⤵
        
        PID:15656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
        5⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2344.exe
        5⤵
        
        PID:11124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
        5⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        5⤵
        
        PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11432.exe
      4⤵
      PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
      4⤵
      PID:12524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
      4⤵
      PID:16632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12129.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41179.exe
        7⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
        7⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        7⤵
        
        PID:17756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-211.exe
        7⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        6⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7912.exe
        6⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
        6⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11240.exe
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        6⤵
        
        PID:8760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        6⤵
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
        6⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        5⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        5⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
        5⤵
        
        PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
      4⤵
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33928.exe
        5⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34408.exe
        5⤵
        
        PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
        5⤵
        
        PID:15860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
      4⤵
      PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40274.exe
      4⤵
      PID:12256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
      4⤵
      PID:15720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13651.exe
      4⤵
      PID:9952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-801.exe
      4⤵
      PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
        5⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
        6⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49276.exe
        6⤵
        
        PID:16776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46699.exe
        6⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
        5⤵
        
        PID:9288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
        5⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37772.exe
        5⤵
        
        PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        5⤵
        
        PID:11408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
      4⤵
      PID:8372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
      4⤵
      PID:11744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
      4⤵
      PID:16424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
    3⤵
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
      4⤵
      PID:7784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        5⤵
        
        PID:9884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
        5⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49257.exe
        5⤵
        
        PID:7860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
      4⤵
      PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14959.exe
      4⤵
      PID:14424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
      4⤵
      PID:5888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
    3⤵
    PID:8260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50338.exe
    3⤵
    PID:11848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
    3⤵
    PID:15416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26738.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20610.exe
        7⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe
        8⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        8⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        8⤵
        
        PID:18268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4659.exe
        8⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        7⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
        7⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
        7⤵
        
        PID:17144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9688.exe
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
        7⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        7⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38786.exe
        7⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51305.exe
        6⤵
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
        6⤵
        
        PID:13056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62547.exe
        6⤵
        
        PID:17912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
        6⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
        6⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        7⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        7⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38786.exe
        7⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
        6⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        6⤵
        
        PID:12368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47932.exe
        6⤵
        
        PID:16640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39787.exe
        6⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
        5⤵
        
        PID:5596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 644
        6⤵
        Program crash
        
        PID:13568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
        5⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15864.exe
        5⤵
        
        PID:12936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46011.exe
        5⤵
        
        PID:17696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        5⤵
        
        PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22632.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        7⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        7⤵
        
        PID:15776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36040.exe
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23583.exe
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        6⤵
        
        PID:16956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
        6⤵
        
        PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
        5⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22905.exe
        5⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49635.exe
        5⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
        5⤵
        
        PID:18328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8895.exe
      4⤵
      PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34962.exe
        6⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
        6⤵
        
        PID:12884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
        6⤵
        
        PID:18144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38099.exe
        6⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        5⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        5⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39868.exe
        5⤵
        
        PID:17272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13658.exe
        5⤵
        
        PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
      4⤵
      PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11407.exe
      4⤵
      PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7704.exe
      4⤵
      PID:11300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
      4⤵
      PID:15976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
        7⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        7⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        7⤵
        
        PID:17744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
        7⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7912.exe
        6⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
        6⤵
        
        PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62304.exe
        5⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
        5⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20271.exe
        5⤵
        
        PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
        6⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe
        6⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40628.exe
        6⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
        5⤵
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        5⤵
        
        PID:14148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        5⤵
        
        PID:17716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7432.exe
        5⤵
        
        PID:17752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
      4⤵
      PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
      4⤵
      PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
      4⤵
      PID:15324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8460.exe
      4⤵
      PID:17912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
      4⤵
      PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49945.exe
      4⤵
      PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        5⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
        5⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
        5⤵
        
        PID:11432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
      4⤵
      PID:9668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
      4⤵
      PID:13824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10066.exe
      4⤵
      PID:17436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56434.exe
      4⤵
      PID:17732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
    3⤵
    PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27666.exe
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30232.exe
        5⤵
        
        PID:14220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
        5⤵
        
        PID:17824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
        5⤵
        
        PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
      4⤵
      PID:9716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
      4⤵
      PID:12112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
      4⤵
      PID:5876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1023.exe
    3⤵
    PID:7508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
      4⤵
      PID:11492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
      4⤵
      PID:16980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
      4⤵
      PID:9616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54009.exe
    3⤵
    PID:6416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
    3⤵
    PID:14988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
    3⤵
    PID:6032
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
        7⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe
        7⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        7⤵
        
        PID:18188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41780.exe
        7⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32792.exe
        6⤵
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        6⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37421.exe
        6⤵
        
        PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22760.exe
        5⤵
        
        PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe
        5⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16849.exe
        5⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
        5⤵
        
        PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
        5⤵
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
        5⤵
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        5⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        5⤵
        
        PID:17780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        5⤵
        
        PID:9004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8639.exe
      4⤵
      PID:7888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
      4⤵
      PID:11188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35602.exe
      4⤵
      PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
      4⤵
      PID:8172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41848.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
      4⤵
      PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8625.exe
        6⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
        7⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
        7⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        6⤵
        
        PID:12048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        6⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        5⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26466.exe
        6⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        6⤵
        
        PID:17588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35915.exe
        6⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
        5⤵
        
        PID:12092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65036.exe
        5⤵
        
        PID:16500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        5⤵
        
        PID:11396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
      4⤵
      PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
      4⤵
      PID:11196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35602.exe
      4⤵
      PID:6440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
      4⤵
      PID:10268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
    3⤵
    PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        5⤵
        
        PID:9320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16987.exe
        5⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        5⤵
        
        PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32792.exe
      4⤵
      PID:9424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
      4⤵
      PID:14264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31695.exe
      4⤵
      PID:17504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
      4⤵
      PID:7708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9688.exe
    3⤵
    PID:7516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
      4⤵
      PID:11132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28994.exe
      4⤵
      PID:16832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50223.exe
      4⤵
      PID:4036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5007.exe
    3⤵
    PID:9532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57186.exe
    3⤵
    PID:14972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8117.exe
    3⤵
    PID:8912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28850.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
      4⤵
      PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
        5⤵
        
        PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
        5⤵
        
        PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
        5⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38718.exe
        5⤵
        
        PID:11072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54873.exe
      4⤵
      PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
        5⤵
        
        PID:11460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        5⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        5⤵
        
        PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
      4⤵
      PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
      4⤵
      PID:16148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
    3⤵
    PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29362.exe
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41314.exe
        5⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
        5⤵
        
        PID:13720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
        5⤵
        
        PID:17444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16355.exe
        5⤵
        
        PID:10796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
      4⤵
      PID:10184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe
      4⤵
      PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
      4⤵
      PID:17904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
      4⤵
      PID:6304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
    3⤵
    PID:7448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13480.exe
    3⤵
    PID:9548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
    3⤵
    PID:14964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
    3⤵
    PID:8352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36248.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36248.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
    3⤵
    PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
      4⤵
      PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29064.exe
      4⤵
      PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
      4⤵
      PID:16000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
    3⤵
    PID:8972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
    3⤵
    PID:12004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
    3⤵
    PID:16416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55924.exe
    3⤵
    PID:11048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
  2⤵
  PID:6056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
    3⤵
    PID:7836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
      4⤵
      PID:13700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61020.exe
      4⤵
      PID:18332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
      4⤵
      PID:5384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
    3⤵
    PID:11100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
    3⤵
    PID:1564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41780.exe
    3⤵
    PID:6772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
  2⤵
  PID:8220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23472.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23472.exe
  2⤵
  PID:11868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
  2⤵
  PID:15752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
  2⤵
  PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5760 -ip 5760
1⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2420 -ip 2420
1⤵
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6696 -ip 6696
1⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6696 -ip 6696
1⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 9084 -ip 9084
1⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5596 -ip 5596
1⤵
PID:12664

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3960

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:9240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe

Filesize
184KB

MD5
aacc068083309d07dc65132062900a49

SHA1
5e9aff722648bfc654ee03221cc186517130094b

SHA256
5517db0fb8dd0cd94e6f8af4a72172befd865f011883a1f49639e2152dcfb2fe

SHA512
8fc85ce148f44b45402a085b105158eac0cf05af82e3d21a07a955150b7b7ed9026497dadd7bace41a128e58971d80918634801684537723d01147d35d999fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe

Filesize
184KB

MD5
5afec5793f5ce97a4a49e036143305a8

SHA1
0836c63be0d005ef23c37d46096ade56fb92a4cf

SHA256
1e7055477822db37669d2ee00a1e1cbe69c6bc4e1bd3b91695579a9d05e442f7

SHA512
146e904828389c16657f0eb0b19865782f29f5f281039bc34cd1dd7bb14012153e4b5971600ce426a2962886bc6640b65d24827aba4dd2cfe54b114f7421bcc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe

Filesize
184KB

MD5
abc380ab44964e6df45c82db3e245b09

SHA1
62e6a2301cdfc8c00c8954739b0c924b6cdaa872

SHA256
a62f69ae9dd51c310cdc1876c4f4197e7065fe279a97ec0bc9fc9d5b2c997696

SHA512
051de22f04ac63c2243aab7453df0b7d32a6c924cb876f722cfb37d62fb5c8459c766adee8afa8b54526a8e47dc30408f4a17709d3467d33720d04e091f0f74b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe

Filesize
184KB

MD5
1371e6c63b83b0d2a23025956eefd1be

SHA1
8fdc0045b10610a131e0cf97b557f27f97c46f6f

SHA256
c41d4b3c5e505ea53b9b0122d31dd75f83a32d7a93dbe352b6834bf1a531c09e

SHA512
38c4aae4f72ceb05257c2f4bb4cc882a44d66cf91b05c99bfae375de9c3913ac4caec1746ff181cbeb50b5e8665c6e4713d242fa58b39d41800761f0428aad23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20888.exe

Filesize
184KB

MD5
005db47a389fb6885ee562a9d031eeee

SHA1
666d0ca07eb8c9f5f5b1d3d597f74e76095e61e4

SHA256
699a0919375aa64b7314d76b52f70731b0ffb6c2b39af3c1cfd5610cf76eb2fe

SHA512
a10fbddaafe7ae7ac3f408303b3774abc4b76aca7febc5da998b96140c7b62b61339f141454d1cc8e68ec36b1ae655b3150488d7ac6b7000e6349c25209669d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe

Filesize
184KB

MD5
fc710870e04f6d29599a82a958bcf758

SHA1
c8220e0212f2cc6f0e145edad01321b5364bb55c

SHA256
b67c13ca3ed47571746217c96494f06213ec782fc91879ceda5bbca0bc6137dd

SHA512
811973205abd856b559505008c87d647dd63e59881203dceed8fdc24c322f3e0c4d67fbd4cf6c426f2259b2f608a0382f33994d15f127002706653d28136ea79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22690.exe

Filesize
184KB

MD5
924b59a2af20a909f61be95989910c92

SHA1
a4ab36f8f25aaf5df4fb663124f4c689ab67501a

SHA256
a3e764e6067a8c697a3745a56522a95a9bb815da717be5e0b38cca85b47843d8

SHA512
2efa3d66f7555cd9d3270296208d1f818c182dbbe8316bc295c28ea5d7c85d27467e3bf8bf6a10a17c5bef295a559a8272876bb689ba77fa2554a9a92fea447c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exe

Filesize
184KB

MD5
9b5edbdb4e65cb045d32da0a67cce83c

SHA1
c9a543b4a7826fa43ee2c0882c84e20dbd8da7aa

SHA256
8a5f9b5c8a3fe950acfc068a7d13c7d9ce8a5f49b573ed74a7c1128e2b0276ff

SHA512
70fc846b9c58e990533419a4bfcb64c6f23b057ab7030aaae173696dfb2d5b8f6df5d6870e6c2f0256805672d37d7973a4b9c9a65693b8f208dc454f724b5fc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3361.exe

Filesize
184KB

MD5
0ea44042f8b662f28b193b674120e725

SHA1
e8c73f92385a6761fcb5dea7f2833a05f26bb649

SHA256
35c40222dadd264790d39d033bb01385f6c1eebf60fbbf1f66b68aa2d6311541

SHA512
af59810b3ee42210afa6fe97eaac944746eedd5ddf35c623515ca3d4974455a90b9f23ed9aa92aed30ac6281888ab6bc08f505c1427af6395739c842bc103def

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe

Filesize
184KB

MD5
5d6c5b9c107429c02b441ffe36bda93f

SHA1
06fe3c65661fd165c9178dd2687fe8df72e101cd

SHA256
6881b95d285ac7d868efb8d538bf156cd897835700f753107903e43e549ac1bb

SHA512
d8d9452a1d7509d8693801a55bda6d36b40bc55840e050d28d538223614e254938c38592eb540783ba2aaf3968db635b4bb20f549e41e91c8d67eb77a72f8398

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe

Filesize
184KB

MD5
df705a76e008545028535a5ba4e56e75

SHA1
60b79967ff3398c1384d1013b88f17af2f698e8c

SHA256
c74fc20077e6ca281d5eb01511b32ba457913a4ce0e75f2fcdc3dd4bb75546fc

SHA512
bd959acf569cc42fde07ee1824a9580b78a831a17e5e57786d191dde039f5aedd950918b3c8e04994e4171e97c7438da58eaaa3028145d9086a69b57bbd7903b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe

Filesize
184KB

MD5
949954ee1490553c47198d5d318f9c31

SHA1
c499fcab0f32a254a9a96ca240dc5e50afddb952

SHA256
047637b207984ae1989b52dad400986f4298d1c7a19399ef700acdb91138f79e

SHA512
2248ff86437906bdb7100ba8e5deeb81c00de349029c0b283828071cc1c0b48def3f644498352ad1fe6fcce40c6628264cee4e6e5935828fd3af50cc3d3a9b59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe

Filesize
184KB

MD5
6d67c9a179a33f23412bfbf7747dee2c

SHA1
2ff178471fabee007414d07982d06af088716edf

SHA256
18ee7b23c6a86fa8a98c761e5f3bf78c018603de5469d7dcf2a8ab415ad39bc7

SHA512
e1283124ab9ad5367ab482826320b7d83c849b39fc34069cab975c98ed30295c47b047ce13b0d638b4d458d03f991cd57d1d681bc79afd7212b39375b812dc5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe

Filesize
184KB

MD5
65e5ccc77d55ce31a84050c246be87eb

SHA1
c743c42e2266b450c06bcbf65334337c940acf10

SHA256
98575c2f9dbca16a2c857ea299b7b0aeeeb9f0b72d3d1309c99cbce7f1618e36

SHA512
3278bfd10e3f9012806af6cd6b9a231b06a601a0879f8d606d75e1602c4c73125a5358e9d53659d7dd3e8dc424158ca66b8a2ed1e93d05d3080fb8bbcf14a7ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe

Filesize
184KB

MD5
c99e700223a88c686ce1b93b437a5308

SHA1
c1d67f9f511a17b502cf8cfca554a8a122be1151

SHA256
2cddfdfbef44f0b1b1165cf06dddcecc88ad56441020cb03b6a3726c627d92a1

SHA512
7cc40022fe83eb4a45d0d1807cb97575a3902468b91b80d543b413179e75e67fb80427b1ff5e8caf0daa487fb416858f98155dcd91f371cbdb0e512ab8b05927

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41330.exe

Filesize
184KB

MD5
b92eae204755311876abd38166e95277

SHA1
3970b31824c68f6fbbb4a9207b39556095833c93

SHA256
1a5b9cbc4006e874ec9368bce9fb22846ec398fa5894b88d0d86c8ed4be8a514

SHA512
b4e74c613a73c77bd0e6be8bfb3db0d81b0b55782289489e347c8f9214006468abfc1a13f0e4f22d45c5df4915fb55e6f7059e4fd8d0be7a143a6b9e5a572b26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe

Filesize
184KB

MD5
bfb0e2ecb9307aa5fea631fc562b6f8e

SHA1
bed5d678a19e4f626f6715c172c047ee2f6c1d90

SHA256
82007a5dab491bfce5b02d96201081e300bfc7f18ece5affeea689eaa2372c23

SHA512
b7d0ab7a5d626e12aa7479e4fd8d4f652d1fb56ba0847534255b66802686335f5b3bb1d9d26a428439b63fdb82229525415e308c8c3a334257452ebfccb0b630

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe

Filesize
184KB

MD5
7104ad388aeb3a1694c3642350a97fb8

SHA1
412494cb813f61903e915050cc02f766a8422205

SHA256
80b62b3da9a2da616cc4a99609fc7bf999faed6540ab0e4dd39914d743ed876b

SHA512
b96bfa96a421fcdb22bbf06a5b2bf4a6ea57e5b52bd088f5f8967167490915f9073b4c5a54df695048434cbcc0f47eaf1b8f6e737d95fcdeab45b83d9ff346df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4881.exe

Filesize
184KB

MD5
9cc23cfd674e1479b24af2466c26e8a0

SHA1
331c35bf01329570a8a1fdad872c5e0e236cb65a

SHA256
54e4cb7eaf4d82ab61bdada98d3d3f4f3924ddd1a0c8395a3d3bb5a1b34ed4ff

SHA512
162bba9bae8bb03dc04f31301d9116d175c8fc0b9b70d5b462f1bf8b160d88863fa8af4a5a2159c8221e4f27a0da9dab1bbc4c8e22772f8bc458ce277c8dd7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe

Filesize
184KB

MD5
6c8457d23863e9a0772439ae7b00e825

SHA1
aa77b711d58191858bdcbede9ddc289ec9ca86d2

SHA256
2f6f50467b76e4613b9fce474993ae576bc4fcfb786a5e7132a71f28d8ae00f7

SHA512
75c4638e8474c80d9300b648e4e8f4449bff09599fd76fe4fa51d843ad0a929011366c9e70d6977aa0d81454f27c768a09950f9b54fa98e2322be13ccbcb609c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe

Filesize
184KB

MD5
bfd0363a6ec7867c64bf7599dbec8313

SHA1
b07970ee2456b83178f700875b68bed74ee523d9

SHA256
561afff883b8183b5ead6fb43a62f2bfca605996ad6c7f039037dd6195f1294f

SHA512
f1376562ab77bb85b9b368ace1b185b01e168e44eb7e6c851a9ccbfc57cae2968305b5d18f2dabd769cb014f4247579669836cb3f86964cfdb38bca6738d135c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe

Filesize
184KB

MD5
3bf68b820c3fb85dd1f55cec8c5e116f

SHA1
aababd0ec36693507d267b3499dc76a252021635

SHA256
fb79d33a3825d45c90433293bb6dea28ea34a9475df3e91b6bb8366a4f5febaf

SHA512
bd7cdc7d204449be2f354cf6e8baae4c42133ba111ca0704371478f20cadde9332529b6a7b265f9d325f0c2644cce44b631ef87caeaf691f52f147c8b0bd86f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe

Filesize
184KB

MD5
3eccaed8069511e6a54065124a4ea77e

SHA1
106713f5e65c7577fdac8011ca89df1c628664d3

SHA256
cc70b12eb1d4c468c684389994bb50181a7a8ffd0b2b36a4ae565aadb6634a34

SHA512
afc2be4143107ca029df2f09918c89f4ff1e805c9c92cf0ae720757e6f24ea7fda1b7ca6a209a860df753f8366aff051268d5f8a2acda144617bee6935fa8708

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe

Filesize
184KB

MD5
2fc635fac9dfd26cb9cd0e721b9a45a0

SHA1
1137e8149e41174f085786ee0f23f260a1b3c5d4

SHA256
9608a3022e1065740e6712e016c7d6fc5ff37192e500c01f9e9f877c15be96ee

SHA512
356be6ae2a16a50e53456f8849c51140461f601f36450611079ea27b6a72621ab92255aaebe34dd3976234b285a8d78f4909c5f22f04667334fcc162830cc298

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe

Filesize
184KB

MD5
64b47a642c044b54a1aa6774e2c91f63

SHA1
6cb39335759acd22c7ecb1a864c36abad37be3e5

SHA256
e1d2cef3f3e0075fc8d77cb41ad11eb92c3f6f74f9b572250ca7c1b54b3c8de5

SHA512
6bc3ee9bd888f6fe74ec19d8b2e720f852b73235972c095c7744b2e8b4d95a163dc212823e227faeb27a1b560a624391c71f00e1cab1aec7a7211ba5b09e6a95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe

Filesize
184KB

MD5
37ea5e5de9e244c9c92d5608d96aeb00

SHA1
569338665e1cfe4125acc6a14795c96fee118350

SHA256
457f3aaf020dafa6be035f2aa9c353d829f576198516058ae99dd5b9b7530a3c

SHA512
8190da897ce6b36d56fd2af8a6b4456fcc320a1895ffad78b0c51a9a62404f487896fd48a17b9d7e0b54317ddb34bf6007525576a14b17a7a87f7ae0f6d4a488

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe

Filesize
184KB

MD5
fbdcce83f64222b6a6c62c79871790f9

SHA1
66cf74752dc6cbcd8fc1ea2f933c0b13d2e13c6b

SHA256
6559e3edc8d04750ebbe9a3dc5eb8cfa225eeff185c20aac6f023afe04b4355b

SHA512
c1ca721b7a349cce1872dc70e7cd48051f4063dcc8e1e57bd61c0ee8ca3a4809d5927513a4c866eeffb4c113207ae3460c95e2a859c8bf99765ad8da3a682180

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe

Filesize
184KB

MD5
2d93edff9a7c4104394192cfe765e0e3

SHA1
6c82f50e20f00d1329bbdca52b22f86b957941c7

SHA256
1c49366a13c28f7f09b1a1b20da2f2e1885a96551a6a1ef013cb0dc0a5cd0a55

SHA512
423ee1c9ac3a2dbc6f384be66089158d22fd7e0185e84e10047345bfd8d34b5b291ccafa675fdbe1eeee6776f12ec899c1804c1e99038153d78183f9ea5abb49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe

Filesize
184KB

MD5
d78d4a1d2774d28647cc90a0cd716a97

SHA1
c4374657121e6e3d082402f9513b0e536852e433

SHA256
d8184495b3ea91f39ea694c80349786d0f06c208b8d97b2af306af461ea4128e

SHA512
36db0bbf16f62099fa412ef84b52c870fea2febacf67db3cb7f071bada02bbb9479bb1aedec2d449421c031689018f7ea18551a00dde331a718d969e2d996416

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe

Filesize
184KB

MD5
b719028da615ed2d80a04f2c9aa9c39b

SHA1
e0f1e0600ab3f99fdf416e97c3ee9d81d9d107b8

SHA256
d77068ff826bc3a7947abc2147fd11c312212eea393443e6464b40d546b1b27f

SHA512
e996cc2edc4130013575f4173c47412f1ead08d1c6c133268165f3e97a5cc6af8ac7fc9c9c30fbfe3f6baf71393e9c4c221f3311939c75435019b84674eaeeb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe

Filesize
184KB

MD5
a2de20749b1583a6b7694a29f11d5b30

SHA1
4e263c4b15901a0e6442a1d607480d71d53ae793

SHA256
93771950ea3712f71b83ae17bdf9d3da69db03bd61c849cd42a485fa5313f77f

SHA512
1aad9bb9af5f9e3f350807b436b6f5fdea5654d2e10411255daa25f372c60bd368d74a0507fe9f7b6cec4a778d61e0fd066e10a2ab2adc5e59b0fa1161f30839

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62960.exe

Filesize
184KB

MD5
ad84c482a8a335c2187db3ffd0b71818

SHA1
0f5ba8ea59c7e1f13ae4e57b415452c379cb3ef4

SHA256
4e42c94e1555325453b8ea9b6d841776759d3c2351588eb4aeb65754e7b2fc3b

SHA512
97b8cacfb546b5519350354868f381952174487da9e5b299c388926d8ac508517ee5ef11e3bf3a008cab44cfc0aebcc18a6e5b7c1dc64afbe692e35c25cb2953

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe

Filesize
184KB

MD5
d090c5104b630eb40c51b40bfa9df9aa

SHA1
419480edbe5d5269ee2dad0418b9c66f359a99f7

SHA256
cce72a8246e3e3ea39df9d243c2b9f7d57833966dbc8bf0897e6aee88c2084f2

SHA512
556319b0ff6b7a69641934a198e33280afb936e40e08ca594cc3e309b742ca8cfe7fa61cf2080449be20cd3b807d01d592edcf2336cb82f39266fcdab06869fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe

Filesize
184KB

MD5
d621115e875f5cdcf31661eed8507cc1

SHA1
4e4c2831e8addb66c004a7bb6369c0f1e3bbaa76

SHA256
a04a3ed038ee0eef05e085859165b08c4c222e5801c1be9cc86daaa6da6494f4

SHA512
36963851225002d279f8b6c27f98ebb217e15e70986833829afa65a5dca294ef65ba2854c10d909c5aee7128f9034764536d356918b24a777722126ce6675651

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe

Filesize
184KB

MD5
a6fcc045ef1a0725b4db9d1ac4f583c7

SHA1
01fa68687aed46af14f55f924004c0f0d766169d

SHA256
14910bf71ced4142138c12eed5433e04c7d2e14c31216e8644a2d298bdc2d11c

SHA512
1e1b46d043651514a2e42c4dd60c29fbc898f015dd0b5ed55ddba76a5f7fb29d2ae4a6e62622625d233691fd69683ceb2e6e4c7031d762dc8ad5d9ad95fbd737

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads