550c2b42372edb50ca1ec72ea27e2ced68ffb1b7e7171fdf8a10cf7493bdabca

Analysis

max time kernel
145s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 12:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

09175b8a9b9cfbf087a35e9b5f05dc30_NeikiAnalytics.exe
Size

184KB
MD5

09175b8a9b9cfbf087a35e9b5f05dc30
SHA1

6a2e92f2553a82c3f5b19a99314df805fd40eed0
SHA256

550c2b42372edb50ca1ec72ea27e2ced68ffb1b7e7171fdf8a10cf7493bdabca
SHA512

8a0f33689649ae371ac85aa3fe34102e75911357c8738853d6589838396310f157e3769c35155af1c0e8ca32b020f37f7a9b0ba4c3fa3942dcc6e8bea9f210b0
SSDEEP

3072:64Y6Rnoj/Ha/dtXOWr9KbkzJlvnqnvibYr7:643oeltXXKwzJlPqnvibYr

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3932	Unicorn-16583.exe
2056	Unicorn-27055.exe
4928	Unicorn-31501.exe
4132	Unicorn-25083.exe
2784	Unicorn-16915.exe
896	Unicorn-62586.exe
3876	Unicorn-35289.exe
1816	Unicorn-43495.exe
3164	Unicorn-39965.exe
2800	Unicorn-44839.exe
4044	Unicorn-40490.exe
4348	Unicorn-41309.exe
2228	Unicorn-40755.exe
1224	Unicorn-53007.exe
3736	Unicorn-46877.exe
4152	Unicorn-54714.exe
3704	Unicorn-9042.exe
1260	Unicorn-19248.exe
4944	Unicorn-25379.exe
5044	Unicorn-59203.exe
2868	Unicorn-64034.exe
2104	Unicorn-1642.exe
3300	Unicorn-54927.exe
3600	Unicorn-18171.exe
2640	Unicorn-18171.exe
3004	Unicorn-1072.exe
536	Unicorn-3872.exe
3060	Unicorn-34242.exe
5008	Unicorn-55674.exe
3604	Unicorn-114.exe
4600	Unicorn-24619.exe
3132	Unicorn-18488.exe
616	Unicorn-62122.exe
1868	Unicorn-28895.exe
3652	Unicorn-53399.exe
4620	Unicorn-53134.exe
2828	Unicorn-49678.exe
4648	Unicorn-26656.exe
4704	Unicorn-9242.exe
1400	Unicorn-21495.exe
3168	Unicorn-25579.exe
5100	Unicorn-38577.exe
4832	Unicorn-33939.exe
1496	Unicorn-9050.exe
4628	Unicorn-46554.exe
384	Unicorn-58806.exe
4380	Unicorn-7004.exe
3788	Unicorn-33747.exe
1876	Unicorn-58251.exe
1620	Unicorn-13881.exe
4532	Unicorn-2728.exe
3176	Unicorn-62143.exe
3564	Unicorn-58614.exe
4352	Unicorn-53014.exe
2028	Unicorn-4509.exe
2276	Unicorn-4012.exe
60	Unicorn-6118.exe
4884	Unicorn-2589.exe
1492	Unicorn-38983.exe
2956	Unicorn-30550.exe
1380	Unicorn-30815.exe
4568	Unicorn-39537.exe
4324	Unicorn-7462.exe
4336	Unicorn-44411.exe

Program crash 14 IoCs

pid	pid_target	Process	procid_target
2656	4348	WerFault.exe	109
10556	5192	WerFault.exe	207
13256	7764	WerFault.exe	314
14268	5164	WerFault.exe	206
15056	5808	WerFault.exe	218
15800	5808	WerFault.exe	218
2672	17624	WerFault.exe	878
2508	18188	WerFault.exe	895
17948	17976	WerFault.exe	889
18248	60	Process not Found	156
6664	10012	Process not Found	438
15004	19308	Process not Found	1249
8744	13060	Process not Found	1337
17848	10012	Process not Found	438

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1220	Process not Found
Token: SeChangeNotifyPrivilege	1220	Process not Found
Token: 33	1220	Process not Found
Token: SeIncBasePriorityPrivilege	1220	Process not Found
Token: SeCreateGlobalPrivilege	7828	Process not Found
Token: SeChangeNotifyPrivilege	7828	Process not Found
Token: 33	7828	Process not Found
Token: SeIncBasePriorityPrivilege	7828	Process not Found
Token: SeCreateGlobalPrivilege	10024	Process not Found
Token: SeChangeNotifyPrivilege	10024	Process not Found
Token: 33	10024	Process not Found
Token: SeIncBasePriorityPrivilege	10024	Process not Found

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
18416	sihost.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3552	09175b8a9b9cfbf087a35e9b5f05dc30_NeikiAnalytics.exe
3932	Unicorn-16583.exe
2056	Unicorn-27055.exe
4928	Unicorn-31501.exe
4132	Unicorn-25083.exe
3876	Unicorn-35289.exe
2784	Unicorn-16915.exe
896	Unicorn-62586.exe
1816	Unicorn-43495.exe
3164	Unicorn-39965.exe
2800	Unicorn-44839.exe
4044	Unicorn-40490.exe
4348	Unicorn-41309.exe
1224	Unicorn-53007.exe
3736	Unicorn-46877.exe
2228	Unicorn-40755.exe
4152	Unicorn-54714.exe
3704	Unicorn-9042.exe
1260	Unicorn-19248.exe
4944	Unicorn-25379.exe
5044	Unicorn-59203.exe
2868	Unicorn-64034.exe
2104	Unicorn-1642.exe
3300	Unicorn-54927.exe
3600	Unicorn-18171.exe
5008	Unicorn-55674.exe
3004	Unicorn-1072.exe
2640	Unicorn-18171.exe
3060	Unicorn-34242.exe
536	Unicorn-3872.exe
3604	Unicorn-114.exe
3132	Unicorn-18488.exe
4600	Unicorn-24619.exe
616	Unicorn-62122.exe
3652	Unicorn-53399.exe
1868	Unicorn-28895.exe
4620	Unicorn-53134.exe
2828	Unicorn-49678.exe
4648	Unicorn-26656.exe
4704	Unicorn-9242.exe
3168	Unicorn-25579.exe
1400	Unicorn-21495.exe
4832	Unicorn-33939.exe
4628	Unicorn-46554.exe
5100	Unicorn-38577.exe
1496	Unicorn-9050.exe
384	Unicorn-58806.exe
4380	Unicorn-7004.exe
3788	Unicorn-33747.exe
1876	Unicorn-58251.exe
3176	Unicorn-62143.exe
4352	Unicorn-53014.exe
1620	Unicorn-13881.exe
2276	Unicorn-4012.exe
3564	Unicorn-58614.exe
4532	Unicorn-2728.exe
2028	Unicorn-4509.exe
60	Unicorn-6118.exe
4884	Unicorn-2589.exe
2956	Unicorn-30550.exe
1380	Unicorn-30815.exe
1492	Unicorn-38983.exe
4568	Unicorn-39537.exe
4324	Unicorn-7462.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3552 wrote to memory of 3932	3552	09175b8a9b9cfbf087a35e9b5f05dc30_NeikiAnalytics.exe	92
PID 3552 wrote to memory of 3932	3552	09175b8a9b9cfbf087a35e9b5f05dc30_NeikiAnalytics.exe	92
PID 3552 wrote to memory of 3932	3552	09175b8a9b9cfbf087a35e9b5f05dc30_NeikiAnalytics.exe	92
PID 3932 wrote to memory of 2056	3932	Unicorn-16583.exe	95
PID 3932 wrote to memory of 2056	3932	Unicorn-16583.exe	95
PID 3932 wrote to memory of 2056	3932	Unicorn-16583.exe	95
PID 3552 wrote to memory of 4928	3552	09175b8a9b9cfbf087a35e9b5f05dc30_NeikiAnalytics.exe	96
PID 3552 wrote to memory of 4928	3552	09175b8a9b9cfbf087a35e9b5f05dc30_NeikiAnalytics.exe	96
PID 3552 wrote to memory of 4928	3552	09175b8a9b9cfbf087a35e9b5f05dc30_NeikiAnalytics.exe	96
PID 2056 wrote to memory of 4132	2056	Unicorn-27055.exe	100
PID 2056 wrote to memory of 4132	2056	Unicorn-27055.exe	100
PID 2056 wrote to memory of 4132	2056	Unicorn-27055.exe	100
PID 4928 wrote to memory of 2784	4928	Unicorn-31501.exe	102
PID 4928 wrote to memory of 2784	4928	Unicorn-31501.exe	102
PID 4928 wrote to memory of 2784	4928	Unicorn-31501.exe	102
PID 3552 wrote to memory of 3876	3552	09175b8a9b9cfbf087a35e9b5f05dc30_NeikiAnalytics.exe	103
PID 3552 wrote to memory of 3876	3552	09175b8a9b9cfbf087a35e9b5f05dc30_NeikiAnalytics.exe	103
PID 3552 wrote to memory of 3876	3552	09175b8a9b9cfbf087a35e9b5f05dc30_NeikiAnalytics.exe	103
PID 3932 wrote to memory of 896	3932	Unicorn-16583.exe	101
PID 3932 wrote to memory of 896	3932	Unicorn-16583.exe	101
PID 3932 wrote to memory of 896	3932	Unicorn-16583.exe	101
PID 4132 wrote to memory of 1816	4132	Unicorn-25083.exe	104
PID 4132 wrote to memory of 1816	4132	Unicorn-25083.exe	104
PID 4132 wrote to memory of 1816	4132	Unicorn-25083.exe	104
PID 2056 wrote to memory of 3164	2056	Unicorn-27055.exe	105
PID 2056 wrote to memory of 3164	2056	Unicorn-27055.exe	105
PID 2056 wrote to memory of 3164	2056	Unicorn-27055.exe	105
PID 3876 wrote to memory of 2800	3876	Unicorn-35289.exe	106
PID 3876 wrote to memory of 2800	3876	Unicorn-35289.exe	106
PID 3876 wrote to memory of 2800	3876	Unicorn-35289.exe	106
PID 3552 wrote to memory of 4044	3552	09175b8a9b9cfbf087a35e9b5f05dc30_NeikiAnalytics.exe	107
PID 3552 wrote to memory of 4044	3552	09175b8a9b9cfbf087a35e9b5f05dc30_NeikiAnalytics.exe	107
PID 3552 wrote to memory of 4044	3552	09175b8a9b9cfbf087a35e9b5f05dc30_NeikiAnalytics.exe	107
PID 4928 wrote to memory of 4348	4928	Unicorn-31501.exe	109
PID 4928 wrote to memory of 4348	4928	Unicorn-31501.exe	109
PID 4928 wrote to memory of 4348	4928	Unicorn-31501.exe	109
PID 2784 wrote to memory of 2228	2784	Unicorn-16915.exe	108
PID 2784 wrote to memory of 2228	2784	Unicorn-16915.exe	108
PID 2784 wrote to memory of 2228	2784	Unicorn-16915.exe	108
PID 896 wrote to memory of 1224	896	Unicorn-62586.exe	110
PID 896 wrote to memory of 1224	896	Unicorn-62586.exe	110
PID 896 wrote to memory of 1224	896	Unicorn-62586.exe	110
PID 3932 wrote to memory of 3736	3932	Unicorn-16583.exe	111
PID 3932 wrote to memory of 3736	3932	Unicorn-16583.exe	111
PID 3932 wrote to memory of 3736	3932	Unicorn-16583.exe	111
PID 4132 wrote to memory of 4152	4132	Unicorn-25083.exe	112
PID 4132 wrote to memory of 4152	4132	Unicorn-25083.exe	112
PID 4132 wrote to memory of 4152	4132	Unicorn-25083.exe	112
PID 1816 wrote to memory of 3704	1816	Unicorn-43495.exe	113
PID 1816 wrote to memory of 3704	1816	Unicorn-43495.exe	113
PID 1816 wrote to memory of 3704	1816	Unicorn-43495.exe	113
PID 2056 wrote to memory of 1260	2056	Unicorn-27055.exe	114
PID 2056 wrote to memory of 1260	2056	Unicorn-27055.exe	114
PID 2056 wrote to memory of 1260	2056	Unicorn-27055.exe	114
PID 3164 wrote to memory of 4944	3164	Unicorn-39965.exe	115
PID 3164 wrote to memory of 4944	3164	Unicorn-39965.exe	115
PID 3164 wrote to memory of 4944	3164	Unicorn-39965.exe	115
PID 2800 wrote to memory of 5044	2800	Unicorn-44839.exe	116
PID 2800 wrote to memory of 5044	2800	Unicorn-44839.exe	116
PID 2800 wrote to memory of 5044	2800	Unicorn-44839.exe	116
PID 3876 wrote to memory of 2868	3876	Unicorn-35289.exe	117
PID 3876 wrote to memory of 2868	3876	Unicorn-35289.exe	117
PID 3876 wrote to memory of 2868	3876	Unicorn-35289.exe	117
PID 4044 wrote to memory of 2104	4044	Unicorn-40490.exe	118

C:\Users\Admin\AppData\Local\Temp\09175b8a9b9cfbf087a35e9b5f05dc30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\09175b8a9b9cfbf087a35e9b5f05dc30_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25083.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
        9⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29715.exe
        10⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51967.exe
        11⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        11⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        11⤵
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        10⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45801.exe
        10⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50094.exe
        10⤵
        
        PID:17612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
        9⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
        9⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        9⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        9⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
        9⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34405.exe
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        9⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
        10⤵
        
        PID:15116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
        9⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 712
        9⤵
        Program crash
        
        PID:15056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 712
        9⤵
        Program crash
        
        PID:15800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe
        8⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        9⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        9⤵
        
        PID:17428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
        9⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        8⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        8⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
        8⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
        8⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
        9⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        9⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        9⤵
        
        PID:16908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
        8⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
        8⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24324.exe
        8⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48141.exe
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
        8⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        9⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16077.exe
        9⤵
        
        PID:18188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18188 -s 460
        10⤵
        Program crash
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17981.exe
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63969.exe
        8⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1792.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
        7⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
        7⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        7⤵
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21590.exe
        7⤵
        
        PID:17864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
        7⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58547.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55091.exe
        9⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
        9⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
        9⤵
        
        PID:16096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        9⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
        8⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7700.exe
        8⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65278.exe
        8⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        8⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34405.exe
        7⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
        8⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41245.exe
        8⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
        8⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
        7⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe
        7⤵
        
        PID:16812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50533.exe
        6⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8557.exe
        7⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
        7⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        7⤵
        
        PID:15644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        7⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23896.exe
        7⤵
        
        PID:16060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe
        7⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60342.exe
        6⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
        6⤵
        
        PID:16420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5732.exe
        6⤵
        
        PID:18368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-114.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41287.exe
        8⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
        9⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31547.exe
        10⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        10⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        10⤵
        
        PID:16940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        9⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 660
        9⤵
        Program crash
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39397.exe
        8⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
        9⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32273.exe
        9⤵
        
        PID:16892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        8⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
        8⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29029.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13253.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41583.exe
        8⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
        9⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe
        9⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22412.exe
        9⤵
        
        PID:17972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        9⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 636
        8⤵
        Program crash
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62735.exe
        8⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 664
        8⤵
        Program crash
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
        7⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        7⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2589.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38511.exe
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        8⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29207.exe
        9⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53078.exe
        9⤵
        
        PID:16928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        8⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54265.exe
        8⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
        8⤵
        
        PID:17988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        8⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        8⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
        7⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        7⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        7⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        7⤵
        
        PID:17620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        6⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38459.exe
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57411.exe
        8⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19481.exe
        8⤵
        
        PID:15844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        7⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        7⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47074.exe
        7⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-448.exe
        7⤵
        
        PID:17860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64042.exe
        6⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        7⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        7⤵
        
        PID:17864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        7⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57121.exe
        6⤵
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34929.exe
        6⤵
        
        PID:15260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23604.exe
        6⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58547.exe
        7⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
        8⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11510.exe
        9⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
        9⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        9⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
        8⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14472.exe
        8⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        8⤵
        
        PID:17792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        7⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
        8⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
        8⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29812.exe
        8⤵
        
        PID:18252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
        7⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58786.exe
        7⤵
        
        PID:15124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46658.exe
        6⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
        7⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        8⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe
        8⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62922.exe
        8⤵
        
        PID:17532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe
        7⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57773.exe
        7⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16601.exe
        7⤵
        
        PID:17948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21821.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
        7⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32328.exe
        6⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
        6⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46805.exe
        6⤵
        
        PID:14916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        6⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30550.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        6⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe
        8⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        8⤵
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60861.exe
        8⤵
        
        PID:17672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
        8⤵
        
        PID:18020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
        8⤵
        
        PID:16652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        7⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
        7⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
        7⤵
        
        PID:17872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        7⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        7⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        6⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47167.exe
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe
        7⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15308.exe
        7⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
        6⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        6⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        6⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        6⤵
        
        PID:18372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
        6⤵
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38841.exe
        5⤵
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        5⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22872.exe
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57957.exe
        5⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
        5⤵
        
        PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39965.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25379.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53399.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
        8⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26711.exe
        9⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10125.exe
        9⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        8⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        8⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        8⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35536.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32512.exe
        7⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52314.exe
        7⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10054.exe
        7⤵
        
        PID:17992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        6⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14198.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38459.exe
        8⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        8⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        8⤵
        
        PID:14648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47074.exe
        8⤵
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7685.exe
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        8⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41245.exe
        8⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26164.exe
        8⤵
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        7⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        7⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60571.exe
        7⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        6⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17479.exe
        7⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        7⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
        7⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7152.exe
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
        6⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33308.exe
        6⤵
        
        PID:18020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        6⤵
        
        PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49678.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6393.exe
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        8⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34473.exe
        8⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64125.exe
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
        8⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        7⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe
        7⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
        7⤵
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe
        6⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64515.exe
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
        7⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        7⤵
        
        PID:17752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
        6⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46805.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        6⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17476.exe
        5⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12676.exe
        6⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37582.exe
        6⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        6⤵
        
        PID:15712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        6⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56139.exe
        6⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
        7⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        7⤵
        
        PID:17140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13808.exe
        6⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        6⤵
        
        PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
        5⤵
        
        PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44389.exe
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30947.exe
        5⤵
        
        PID:15748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
        5⤵
        
        PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
        6⤵
        Executes dropped EXE
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17323.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        8⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65475.exe
        9⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
        9⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        8⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
        8⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47374.exe
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        7⤵
        
        PID:16360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        7⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36067.exe
        7⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9901.exe
        6⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
        7⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        8⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
        8⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        7⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38698.exe
        7⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        7⤵
        
        PID:17988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe
        7⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        7⤵
        
        PID:17280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3169.exe
        7⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1593.exe
        6⤵
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52809.exe
        6⤵
        
        PID:15564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        6⤵
        
        PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3741.exe
        5⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34375.exe
        7⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
        8⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        8⤵
        
        PID:17196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40118.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        7⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29184.exe
        7⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        6⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe
        7⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
        7⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
        7⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        6⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9341.exe
        6⤵
        
        PID:16032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22419.exe
        6⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        6⤵
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        6⤵
        
        PID:17168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe
        5⤵
        
        PID:9348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
        5⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
        5⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe
        5⤵
        
        PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1038.exe
        6⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
        6⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        6⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
        6⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        6⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27774.exe
        5⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        5⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        5⤵
        
        PID:17316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        5⤵
        
        PID:14860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
      4⤵
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18091.exe
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        6⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
        6⤵
        
        PID:12208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        6⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
        6⤵
        
        PID:18384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
        5⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        5⤵
        
        PID:17652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        5⤵
        
        PID:17944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
      4⤵
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
        5⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
        5⤵
        
        PID:13944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe
        5⤵
        
        PID:17976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17976 -s 464
        6⤵
        Program crash
        
        PID:17948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23974.exe
        5⤵
        
        PID:14868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
      4⤵
      PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe
      4⤵
      PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
      4⤵
      PID:18056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28917.exe
      4⤵
      PID:3376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53007.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21495.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43835.exe
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38459.exe
        9⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19975.exe
        10⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14681.exe
        10⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe
        10⤵
        
        PID:18016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
        10⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
        10⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13513.exe
        9⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        9⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        8⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe
        9⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        9⤵
        
        PID:17172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
        8⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        8⤵
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7545.exe
        7⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46155.exe
        8⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe
        8⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62922.exe
        8⤵
        
        PID:17524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
        8⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13740.exe
        7⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
        7⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe
        7⤵
        
        PID:16804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62070.exe
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        8⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        8⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3476.exe
        8⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50986.exe
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3041.exe
        7⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        7⤵
        
        PID:17272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        7⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47499.exe
        7⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        7⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe
        7⤵
        
        PID:16608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37286.exe
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43001.exe
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        6⤵
        
        PID:17644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
        6⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
        8⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
        8⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
        8⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14917.exe
        8⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        7⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
        7⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        7⤵
        
        PID:17696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        7⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51303.exe
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21349.exe
        7⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        7⤵
        
        PID:17704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62277.exe
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9585.exe
        6⤵
        
        PID:13720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
        6⤵
        
        PID:17672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34893.exe
        6⤵
        
        PID:14848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58731.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exe
        6⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10268.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exe
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        7⤵
        
        PID:12752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe
        7⤵
        
        PID:17120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42154.exe
        6⤵
        
        PID:12832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56613.exe
        6⤵
        
        PID:17324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
        5⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39361.exe
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        6⤵
        
        PID:17884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
        6⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
        5⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        5⤵
        
        PID:18236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32159.exe
        5⤵
        
        PID:336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63399.exe
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51287.exe
        7⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37339.exe
        8⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        7⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        7⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3572.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        7⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        6⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52922.exe
        6⤵
        
        PID:15880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
        6⤵
        
        PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        7⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21017.exe
        7⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
        7⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
        7⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51230.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        6⤵
        
        PID:15728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        5⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        6⤵
        
        PID:14148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        6⤵
        
        PID:17688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24090.exe
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        5⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        5⤵
        
        PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
      4⤵
      PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        6⤵
        
        PID:17072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40118.exe
        6⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15432.exe
        5⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
        5⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
        5⤵
        
        PID:18200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21651.exe
        5⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
        6⤵
        
        PID:14344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
        6⤵
        
        PID:18048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63166.exe
        6⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        6⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
        5⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        5⤵
        
        PID:14628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
      4⤵
      PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
      4⤵
      PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64393.exe
      4⤵
      PID:17204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37905.exe
      4⤵
      PID:9488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18171.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44582.exe
        5⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12676.exe
        6⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        6⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        6⤵
        
        PID:16136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
        6⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        6⤵
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        6⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64006.exe
        5⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exe
        5⤵
        
        PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58614.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4634.exe
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        7⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        7⤵
        
        PID:17660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44235.exe
        7⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
        6⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23408.exe
        6⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35678.exe
        6⤵
        
        PID:18216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        5⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39487.exe
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
        6⤵
        
        PID:16448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15613.exe
        6⤵
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18505.exe
        5⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60550.exe
        5⤵
        
        PID:18112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36067.exe
        5⤵
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-358.exe
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29923.exe
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        6⤵
        
        PID:13960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15973.exe
        5⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18756.exe
        5⤵
        
        PID:18264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
      4⤵
      PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3452.exe
      4⤵
      PID:10444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30269.exe
      4⤵
      PID:14956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
      4⤵
      PID:364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
      4⤵
      PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34242.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48333.exe
      4⤵
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        5⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
        5⤵
        
        PID:10940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48837.exe
        5⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        5⤵
        
        PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
      4⤵
      PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
        5⤵
        
        PID:12936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
        5⤵
        
        PID:17344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
      4⤵
      PID:12140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
      4⤵
      PID:7764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4012.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
      4⤵
      PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-358.exe
        5⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe
        6⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        6⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        6⤵
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61458.exe
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53393.exe
        5⤵
        
        PID:13176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        5⤵
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        5⤵
        
        PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39257.exe
      4⤵
      PID:7668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
      4⤵
      PID:11612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44257.exe
      4⤵
      PID:15892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
      4⤵
      PID:6504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40901.exe
    3⤵
    PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-358.exe
      4⤵
      PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe
        5⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        5⤵
        
        PID:17892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe
        5⤵
        
        PID:17960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        5⤵
        
        PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
      4⤵
      PID:9296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
      4⤵
      PID:13800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
      4⤵
      PID:17932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37965.exe
      4⤵
      PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
      4⤵
      PID:4252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe
    3⤵
    PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
      4⤵
      PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17316.exe
      4⤵
      PID:14452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
      4⤵
      PID:18116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
    3⤵
    PID:10004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
    3⤵
    PID:14320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63014.exe
    3⤵
    PID:17900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31501.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31501.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16915.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18171.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52003.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        8⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        9⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55942.exe
        9⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        9⤵
        
        PID:17680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
        8⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        9⤵
        
        PID:17816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        9⤵
        
        PID:17984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14140.exe
        8⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36114.exe
        8⤵
        
        PID:16396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62669.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        7⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        8⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
        8⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        8⤵
        
        PID:17640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        7⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe
        7⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
        7⤵
        
        PID:17620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
        8⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        8⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        8⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        8⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
        7⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        7⤵
        
        PID:17584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        7⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
        7⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        7⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
        7⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-920.exe
        6⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3077.exe
        6⤵
        
        PID:18068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58806.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58910.exe
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
        7⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        7⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50758.exe
        7⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
        6⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        6⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36088.exe
        6⤵
        
        PID:15736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51301.exe
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
        6⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60395.exe
        7⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18121.exe
        6⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
        6⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe
        6⤵
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
        6⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29812.exe
        6⤵
        
        PID:18168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59477.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49922.exe
        5⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20142.exe
        5⤵
        
        PID:18016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50349.exe
        5⤵
        
        PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33747.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        7⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        8⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
        8⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
        8⤵
        
        PID:17632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8173.exe
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
        7⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
        7⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
        7⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4489.exe
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        7⤵
        
        PID:16496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34194.exe
        7⤵
        
        PID:18244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22100.exe
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
        6⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        6⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25121.exe
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28593.exe
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
        7⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
        7⤵
        
        PID:16796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        7⤵
        
        PID:17892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24509.exe
        6⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28312.exe
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
        6⤵
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
        6⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        6⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        6⤵
        
        PID:17412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        5⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17728.exe
        5⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        5⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe
        5⤵
        
        PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32351.exe
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27772.exe
        6⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe
        7⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38341.exe
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
        6⤵
        
        PID:16864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        6⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27337.exe
        5⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        6⤵
        
        PID:100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
        6⤵
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30360.exe
        6⤵
        
        PID:17888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59345.exe
        5⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
        5⤵
        
        PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52506.exe
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27772.exe
        5⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38341.exe
        5⤵
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
        5⤵
        
        PID:16884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
      4⤵
      PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26275.exe
        5⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        5⤵
        
        PID:17264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
      4⤵
      PID:10420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47335.exe
      4⤵
      PID:14836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19229.exe
      4⤵
      PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13401.exe
      4⤵
      PID:5624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4348
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 632
      4⤵
      Program crash
      PID:2656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27772.exe
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        6⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        6⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13269.exe
        6⤵
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
        6⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23253.exe
        5⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4017.exe
        6⤵
        
        PID:17232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55950.exe
        6⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59345.exe
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
        5⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
        5⤵
        
        PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61494.exe
      4⤵
      PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe
        6⤵
        
        PID:11096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15833.exe
        6⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48417.exe
        6⤵
        
        PID:17608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29726.exe
        6⤵
        
        PID:18184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40285.exe
        5⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
        5⤵
        
        PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
      4⤵
      PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
        5⤵
        
        PID:18116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61550.exe
        5⤵
        
        PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
      4⤵
      PID:10876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37868.exe
      4⤵
      PID:14984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
      4⤵
      PID:14848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
      4⤵
      PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe
      4⤵
      PID:5608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-830.exe
      4⤵
      PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
        5⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe
        6⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        6⤵
        
        PID:16432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
        6⤵
        
        PID:532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49206.exe
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
        5⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
        5⤵
        
        PID:16740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
      4⤵
      PID:7480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
      4⤵
      PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
      4⤵
      PID:11928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
      4⤵
      PID:16252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
    3⤵
    PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41583.exe
      4⤵
      PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
      4⤵
      PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
      4⤵
      PID:14540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
      4⤵
      PID:5004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
    3⤵
    PID:7676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51495.exe
      4⤵
      PID:8848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
      4⤵
      PID:7308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
    3⤵
    PID:11036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
    3⤵
    PID:15268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27641.exe
    3⤵
    PID:17860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
    3⤵
    PID:5808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
    3⤵
    PID:5316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2802.exe
        6⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        7⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        8⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19585.exe
        8⤵
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        7⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        7⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
        7⤵
        
        PID:17352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
        6⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20063.exe
        7⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39657.exe
        7⤵
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        7⤵
        
        PID:17572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        6⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11821.exe
        6⤵
        
        PID:18116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17356.exe
        6⤵
        
        PID:17568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58962.exe
        6⤵
        
        PID:10796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        6⤵
        
        PID:15580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
        6⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        6⤵
        
        PID:10904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
        6⤵
        
        PID:15060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
        5⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        5⤵
        
        PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38577.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
        5⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35035.exe
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        7⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        7⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
        6⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
        6⤵
        
        PID:17920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe
        6⤵
        
        PID:16736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        6⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
        6⤵
        
        PID:17512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58857.exe
        5⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
        5⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24324.exe
        5⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39421.exe
        5⤵
        
        PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48791.exe
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        6⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
        6⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        6⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29726.exe
        6⤵
        
        PID:18292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15308.exe
        6⤵
        
        PID:17608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        5⤵
        
        PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
        5⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        5⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        5⤵
        
        PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55283.exe
        5⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
        5⤵
        
        PID:11528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe
        5⤵
        
        PID:16628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
      4⤵
      PID:10212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52314.exe
      4⤵
      PID:13892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10054.exe
      4⤵
      PID:18072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
      4⤵
      PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9242.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52003.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        6⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29207.exe
        7⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53078.exe
        7⤵
        
        PID:16900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
        7⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
        6⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18329.exe
        6⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
        6⤵
        
        PID:17672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        6⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        6⤵
        
        PID:17224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
        5⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        5⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9524.exe
        5⤵
        
        PID:17964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49626.exe
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63975.exe
        5⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23741.exe
        6⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35905.exe
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
        6⤵
        
        PID:16388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50986.exe
        5⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        5⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
        5⤵
        
        PID:16008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21563.exe
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        5⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
        5⤵
        
        PID:18372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54738.exe
      4⤵
      PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15948.exe
      4⤵
      PID:14104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
      4⤵
      PID:17840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41668.exe
      4⤵
      PID:528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58910.exe
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
        5⤵
        
        PID:12632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        5⤵
        
        PID:17056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        5⤵
        
        PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
      4⤵
      PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53638.exe
      4⤵
      PID:12308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
      4⤵
      PID:16640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
    3⤵
    PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
      4⤵
      PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34287.exe
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        5⤵
        
        PID:17380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8941.exe
      4⤵
      PID:9328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
      4⤵
      PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
      4⤵
      PID:17040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
      4⤵
      PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7572.exe
    3⤵
    PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
      4⤵
      PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55278.exe
      4⤵
      PID:16020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
      4⤵
      PID:4696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42941.exe
    3⤵
    PID:8892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
    3⤵
    PID:14328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
    3⤵
    PID:9820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51202.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51202.exe
    3⤵
    PID:1624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9050.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        7⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
        7⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
        7⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
        7⤵
        
        PID:17688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        6⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
        6⤵
        
        PID:13480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        6⤵
        
        PID:17624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17624 -s 464
        7⤵
        Program crash
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29501.exe
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        6⤵
        
        PID:14048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        6⤵
        
        PID:17604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        6⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        5⤵
        
        PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20845.exe
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48791.exe
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
        6⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4017.exe
        6⤵
        
        PID:17252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        6⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        5⤵
        
        PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47773.exe
        5⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15501.exe
        5⤵
        
        PID:16700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
        5⤵
        
        PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
      4⤵
      PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59995.exe
        5⤵
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        5⤵
        
        PID:16088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40514.exe
      4⤵
      PID:10584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
      4⤵
      PID:14704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11821.exe
      4⤵
      PID:18112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61855.exe
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
      4⤵
      PID:2284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57919.exe
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe
        6⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        6⤵
        
        PID:17008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
        5⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23408.exe
        5⤵
        
        PID:14092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35678.exe
        5⤵
        
        PID:18224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
      4⤵
      PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        5⤵
        
        PID:11344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        5⤵
        
        PID:17048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35313.exe
      4⤵
      PID:10140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
      4⤵
      PID:13532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
      4⤵
      PID:17664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
      4⤵
      PID:5692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
    3⤵
    PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27772.exe
      4⤵
      PID:8608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38341.exe
      4⤵
      PID:12396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
      4⤵
      PID:17064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
      4⤵
      PID:3088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
    3⤵
    PID:7568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56545.exe
    3⤵
    PID:9144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30269.exe
    3⤵
    PID:15228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51191.exe
    3⤵
    PID:2188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
    3⤵
    PID:2324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56855.exe
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
        6⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13934.exe
        7⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        7⤵
        
        PID:18148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15308.exe
        7⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48298.exe
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
        5⤵
        
        PID:13576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        5⤵
        
        PID:17716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        5⤵
        
        PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
      4⤵
      PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59345.exe
      4⤵
      PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
      4⤵
      PID:14960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46502.exe
    3⤵
    PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
      4⤵
      PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43549.exe
        5⤵
        
        PID:13168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48645.exe
        5⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        5⤵
        
        PID:17592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
        5⤵
        
        PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32397.exe
      4⤵
      PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
      4⤵
      PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
      4⤵
      PID:17788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
      4⤵
      PID:5500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45157.exe
    3⤵
    PID:7488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
    3⤵
    PID:10868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
    3⤵
    PID:15028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53014.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53014.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
    3⤵
    PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44707.exe
      4⤵
      PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14250.exe
        5⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5920.exe
        5⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
        5⤵
        
        PID:18008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
        5⤵
        
        PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
      4⤵
      PID:10228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
      4⤵
      PID:13872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
      4⤵
      PID:18032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45617.exe
      4⤵
      PID:3740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8557.exe
    3⤵
    PID:8856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe
      4⤵
      PID:12768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
      4⤵
      PID:17132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52181.exe
    3⤵
    PID:12028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
    3⤵
    PID:16404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe
    3⤵
    PID:14876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
  2⤵
  PID:5736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
    3⤵
    PID:2624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
    3⤵
    PID:10824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
    3⤵
    PID:4400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8528.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8528.exe
  2⤵
  PID:7876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43971.exe
    3⤵
    PID:16980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27613.exe
    3⤵
    PID:18180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
  2⤵
  PID:10412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24669.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24669.exe
  2⤵
  PID:14940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44318.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44318.exe
  2⤵
  PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4348 -ip 4348
1⤵
PID:3408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5192 -ip 5192
1⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7764 -ip 7764
1⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5164 -ip 5164
1⤵
PID:14132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5808 -ip 5808
1⤵
PID:14792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5808 -ip 5808
1⤵
PID:16220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 16976 -ip 16976
1⤵
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5824 -ip 5824
1⤵
PID:17988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 18188 -ip 18188
1⤵
PID:16652

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
- Suspicious use of FindShellTrayWindow
PID:18416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe

Filesize
184KB

MD5
eb438a7ec9c350862c5e2ef1d19bf7e4

SHA1
69c906b617a25338f022a6f269c4a3d9d3ffd72d

SHA256
3d08dba4b863537b4fa6909234c5b00bd917762692e91ffcee0a4b1bf78e23c4

SHA512
03fe6706c53d0e84bdccdc68ef906381d9bdfca4419bbb4b77c8455889892630d91c2baa49859db4687816e277bf8e968f94809a35ae27f6a14ff75fabcdb2e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-114.exe

Filesize
184KB

MD5
df7e6ed4b28e7edc90ba08a88baa6a36

SHA1
13e1a72952bf82f4635a7d84b753c0e38b494a33

SHA256
8b1f3a95411ab73dc0113ae96d2149fd053577321617c49354a59636829181b9

SHA512
9cf970bdeff74c84b5466bcc834a12851bada408569622ef65c6efad08a94123dbbdd47f4bf1a53c73ed859aa1774b4d39af2ce82319fc3edc311d138b93829a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12481.exe

Filesize
184KB

MD5
20918d852a4c4301a8579d8597d4a184

SHA1
86e8c8aed0673ace655a23e2e0b9c23097c257b8

SHA256
f0154be562b51d260d75800be51d844fe1834ddc32b4b22ae665f56abb8b6faa

SHA512
23cd0768661f3ba4dc2419acfb52dc0e5b2a1fc4a6b0e84cb3834ebaf882bf580fab71aa4dc09fd79dec6a6bf4275f4f324ed7cfaa93ef0318cd9b97ac368dc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12676.exe

Filesize
184KB

MD5
3aebce0b0251fdaf9cc513a7f3ed661a

SHA1
e7b057970c5dd06f89d9d46c9f9d214b0ad7e2cc

SHA256
37ebfeb97a38e4693b530bcdcf2c5f58bbfe1e42406865b068ca086c4b415334

SHA512
7078e94f9480a21b9d7bca9c643dd08fd4197343431d184917b9c5de09a6ac0af71fb06e38592bac73664630292a6cf61ad4264ede8788dc34fc24d7c15d1597

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe

Filesize
184KB

MD5
710f906198b6d65643fa1fda1f518a80

SHA1
d7ca55fa610afe4629d95ce3cd39673be59c9434

SHA256
ba1982a5a9a6ccc4f383d2c31504a7fb6416792b12da48ec0ea46d6fa2725fa6

SHA512
2cc2489caaaba4b23620a4bd9581cfa2fac8cae844724a8b3985b89aafdd769cedc625889e56cb8e6734aa57c99b439e44cf68154edc28ee6193e3ec341674bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe

Filesize
184KB

MD5
52f6abf9be98f26abf501210c2e6ee23

SHA1
172408ed56261c2102f5e96fabcbc0cb882e7b1b

SHA256
d096b36af9600208f119488fdf830a1ef8ad58ced0f7f4b7779443ac99792acd

SHA512
e7e2521d052db950c24ae0fe066477d2bf7cd10ea82f4399e35e35f1e60216098cd84a095fbfcacd0d8ed47457b0f3209d4d1b877d58fd36c3a57a2e7fd44242

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16915.exe

Filesize
184KB

MD5
45040c5c0cbba821ce9ec543dad2e21f

SHA1
71f1e47be35221f57cfc8f154fb0f3a8b3880b46

SHA256
e6c85ed51f31fc229a06f99d08cd436185dc349a42d47e8cddcac0daefe5b6f3

SHA512
225f94352a528608d4fb471509851b0fede8bec5454f0d19f7003ff745a10240e17fa7ef1d98cb2b255da6a8128dc49cbec6cf34018a7c3cd2d9395ed7ba1f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18171.exe

Filesize
184KB

MD5
83f7f8664b5d2e54526f5a078943114e

SHA1
12b38c457f2df0d150ef2044741a5d2d12105cdc

SHA256
69c56655aa852d40d4eb4cb3449f5923a398e0d0d0e74538a7484e5be7e3551d

SHA512
6d8764da09e88738f50ce75dc7a9de40a719248f0afd7d29dfcc54b984adba384813cbb78a924c4d5dd4e1ca7a44b215e80d4ed94075ad7c65c792ce68e28580

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe

Filesize
184KB

MD5
d1564948660b0f074578798b3dad9feb

SHA1
2a9f00ab8e68621986591af836128e4b72c6bcec

SHA256
43f3d2790acf80b85d66a3cd969f9f5ddc7d0a4e9de8e643bcd2445422cc267f

SHA512
4b7f60ff530bfeda549326f21c2b43dc38b3f64149dac65c98e99bf714a2f66c027c930e9d6fe382bdb4f846645c3806b9034654d6a22a279e561b87f5aae85b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe

Filesize
184KB

MD5
5678479f22ac4c8c6e02f0b23b79cc0d

SHA1
fc95575d1ceea0266ec9301da35db23085d179b9

SHA256
1ae27d189aeb442e7fc7ac8e3d896c19de0e837879a1ce2cc53b8a7515d88d2d

SHA512
fbafba7f6844da862a20cf5a8f62951ee583d9bb0e08271f4dd32500e740cdf538b97bff45c77f50c453babfab88aab1d7ee0a6f7cb55c81f1befe4b0d7e05ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe

Filesize
184KB

MD5
a2d626350b94015300f701152ff80a9e

SHA1
534508ba3148839c8cea585cacd2dae0a2c1e614

SHA256
34c504ac26400e8398782ee524e0f176a6b222b2cb46a7c220588ad614273518

SHA512
66fcb71a85221cd247f07abcd92807c2e1ab978feb1d016e5e6dd4606bb80c549b7b49b69d65a032cc5cebe4c09cc19f6960ac99e227e06c0935020c08ef11e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25083.exe

Filesize
184KB

MD5
c9e908ed7868f8213fb4203a59771107

SHA1
db3bf4602e4d70b17262f975dc15ab46f606d8ed

SHA256
6c90c560a64812f1082c723cb3fbbb478b428e88219ab25e0eda45d082640fe7

SHA512
8a62ad88057074b253bd5949d5c73d41a2e5762c047531d364d714cdb9929a5e7ecbe865e710f78ffb4b2de4404df0b50e3b0970fe43e4d889b1fdbd22109409

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25379.exe

Filesize
184KB

MD5
08c36f303b876232fe339bcff75b09d8

SHA1
388a1915eaa81eecdba52ae0ee13770b2b915951

SHA256
3f179d843899645f7e9d10ffc681c95a0d565dcda9d1641bddab3077ec7c3a0d

SHA512
7369c252431a3b9427f8f5b7895b746fe3ed9daf7e6126b69c8fc60a8c65eba5bd33c100deccb441c156aff23f790a67eef834d86c3a29ef608b234e8d2a4a42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe

Filesize
184KB

MD5
0b1c25ee30831659caf28326221c8431

SHA1
965e7c184af3f369d6ff472e5c162ac58497d557

SHA256
0f26c65f9fa7685f6613c36ea6eb0536cc02ec4bd8c9b1bd04d1e313592c9536

SHA512
8c95031b447e1e1b4389a842f828e65739aeb1e2d4e5e5256b72274f147c17853cbe8096a0dece23934c2aebd21b49483e78ea379975410c0b5a35895f53d206

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe

Filesize
184KB

MD5
37aec95a0ee75ea34bc5dbfb067c375c

SHA1
6f78a416c30ab6eb7d9070fb390c81bc0e3e2410

SHA256
687f00e99c85466e6f6871d3a6119dc79b1f199c200d8cd6e1b92ccf84575251

SHA512
843caa9867f5ecdf7a449d578978bf249ed772da1a8c1f96262fc55055f61a67381de4fde8539061627467c3a6c06145d0fd735ca2a243e67af07037208be212

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28593.exe

Filesize
184KB

MD5
ff37f6e5e79778bd58b7bef1bbee63ac

SHA1
64dc2c823ce23b3c5b010952c503ae963e316f79

SHA256
31586b8d8cb82370d7809260af36f47670e9a35a0ef4d86678e16985f22e8708

SHA512
930b2d19652aac393f0cb9589e776cfa748dd277a0af59ed07f6f5dca83ffc5dd89c90ccb41a97cf9d0cabbaa994bf4c95bb720d098ef0aac218c15bb67d1562

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31501.exe

Filesize
184KB

MD5
7a7325d2d00635fd9f0739a9e02b2a51

SHA1
c23372a603c3dbc26d21415c7dc1c1f50e6466f8

SHA256
4040adcdeb586d9f18e6bf823f4beee641bac1f2bc5c2c36b8eac56be33c4e43

SHA512
574606c9936f2df98ed672488dc5b85c5bcc90728d963303761ed0ec8f927c799f34db51218f1b5b23b41167866e3d3865e54361c96a6c2237369aef34be99dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34242.exe

Filesize
184KB

MD5
2121ab5fb8ddf71cba4e474898586f1a

SHA1
0ff2ad03cb1c269e07a71a03c1b65050889165e7

SHA256
7be2c9046821864f1902b00250682346f428a767de03a3ea3c9dd941a29f7f0a

SHA512
561f9d45eed531c787cbb404c434747cd0f543f8480c3a0f6b62e577af741a7f235b802600660d02eae7955bc15eef5f02670ee7c29b47b5fac7e1620b84df32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe

Filesize
184KB

MD5
102409077b6437a5346c6143bf5de5bb

SHA1
22b7d251d29406689499f95175bb64dd37ba4e40

SHA256
819f61f10714cd7a21da706ac790b61763ee6b9d59f23a186a316128b10ac580

SHA512
0785af31deb5d2fb281971e6d64bb24c2194a4b1173b4b2ba3210b4c5be5665f1e38f03e5e27b55fbdcb6c3fbcaf37e021459afb1c2adf718433d6fd8ae21ab5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe

Filesize
184KB

MD5
197b8289882a09435ebebfb2e7d60ddf

SHA1
5d7d5c6fd340340386a0e7f48e76e4db9ad66db3

SHA256
2d1ce545564b7780ce3d2c6aa5f5c5a8c68ea3a579b8e8a505ca60cf7855e934

SHA512
0e895f55e9340554ed039ce200d21c87d10cd74d0ae3cc66eeb54627e59560aeeea4db025c43dd92087961abbd81e8b2b6a760e4994d801551c7472a615140fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39397.exe

Filesize
184KB

MD5
39ef5dcd383b938bb5331e1aeef3792f

SHA1
53306c8d35b457f8c575b3ac94dffc1911040d24

SHA256
469c1112f53d8a4d6a1e3e0fe096591a97613241e723c80f5563ced88e840ea7

SHA512
91e09a558de1113f91b10c968463681023b83cfb4f0098c26b36830152133b4581067ef3ca09a990fde9b3139bcc5923e028fe7ee09e7a304ea830c1bc60da63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39965.exe

Filesize
184KB

MD5
e5b644ec38f4f0d283a160c46ca68de9

SHA1
5e0328b87421d0339d2059a450198dbf1ed91c5f

SHA256
8af2750d511e35883f0c0ed249a21bf736f6f939b4c1a747bef84c2bb99f0885

SHA512
4b6929cd043d8f0ef779761ad9f4dc1cf98e0e357f9356da3fa5d2c11c744236285b4298a369c33ef74c5e120a76bd24f76ebb6f7fefc5fd221456685e4312b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe

Filesize
184KB

MD5
a79c52b5e688371ff4c3f63abd343aa6

SHA1
a96f1025234cfedd6694dc1d80e74b029bd8a92a

SHA256
c2a8b420054f2e6e2b204557340bfdec30689425462143da64c4701c59dfb5a5

SHA512
e1d733b99c6198c9059c7aa5c48aa024c3836908d95127bc1fc2758de49dd4a57cab019b57aa1bec9fce16788b26ae1a0d8b7478acde7a0296ecac3d746e0d9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe

Filesize
184KB

MD5
3b73470de4bc2a8c25d0ef9450790d2e

SHA1
bf82cccad08c2f427ed5d5ec4def26e366ac843f

SHA256
87e0d528f83c2e25e1873ea26c31d3bea700aefe89628ff4d81b640664bd813c

SHA512
455ff43f8665ea213a6d5980b453a79c364dbd3de1e574661a122060da414dd21fa3c8031c3d2908c64d042bcb24ff8022ff9a61fb6d81dc61b4d925e312f120

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe

Filesize
184KB

MD5
426f223ebcc139262259d363591bca32

SHA1
093784d8227813db88fd1bef42186e9cb61ee221

SHA256
e5611ed2a79dd94f68b11355cf6ff9298329a15e10a5453ba5b92624453d7977

SHA512
aa179f17f09e7f6db5434bc07c87a8c04fbd707e1fafef1a96f9c4012e815be3c416d8e9c116ecd6fe4d163a3e87cc44f8e7353fc78397735b333279138ff2fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41583.exe

Filesize
184KB

MD5
d90811a7a42af0ef1325b0faa56cb4e6

SHA1
41bbefa03f1515f817bb09c01ff4efab6edea1f4

SHA256
90a38afc4b7b7f765aac6ee1f7470e4595f16dffe325276726cb4bdee6626a99

SHA512
7791147813fed6ec94af3321b015b31edb4131fdf16c4db94f4681e087b63fa79616130b5d2328659388bb5af3d2ba1738637748c26aa1f7ee26a7bfb341ffc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe

Filesize
184KB

MD5
1b5c27c842166a99a194a685aaa2865b

SHA1
e7accf6334d1c1b8e2c241ba2c0ccd11d78d8f07

SHA256
be220efe41c10059345d35b4cd951e008bf648996adcf91546da33f7c87c0b1b

SHA512
997a17aec0c855fb20bc9ada38e36506fa05e5e36c799392e143467b30e82ab0accf8f5c6729ac3523acc66737efa85bc72fe3244b28e1a2ffc54b70b30b057e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43716.exe

Filesize
184KB

MD5
b963e32273ed4743b460d375bfb89e32

SHA1
e9239c32cf6e6cddfe76432436537c82786781a1

SHA256
2360144d7fe2a6a9eaad135267e785c27653c3f11f37750dd0b63e83b480acb8

SHA512
a466f6464841532d01dfca83021f098ac1947d1879988821e152c1a71d4a89ce9d220c892338cdaeac1fefcef2e8752ebd9ae7b1275d41dac71fa8a1dd8e7da3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe

Filesize
184KB

MD5
86b21be4c81d4047fae260786030c7fc

SHA1
46b5dc2db6ed01cc139a511f8b0d9bae2d6cd790

SHA256
e5f30af870319ab549c45099f21ebb320a02d4355d4f4e2dd2301046505617b5

SHA512
f40eb9cae595754fc1dd58462ab24423d8cb449cb232670b6e3cc6ab79d3ba92a3753ba4cd7873ce414f1ca9d2aec8ef35ab6c75b2bcf04cbed9bc83c103107f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe

Filesize
184KB

MD5
63b91ff772bfe54e9d6389dbe4f623bc

SHA1
85a58e7d4026654e59e4c87a9c42c4c7c1610dd2

SHA256
c60cc2c15e8dcde73ddaa0141c82747d82ea5c2641e59fb9629fecdc3d342acf

SHA512
8db31c37f2098cc1d48c6c6b9da4dc9a0350641a9c31fd10d9daa253b670ab4e5d4698b7ae7ac0a395b8d1a5b5b495c746e12ba2b56b7dc57525314ba2a45911

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53007.exe

Filesize
184KB

MD5
cd088606edfc47b46333d68fa00fa62a

SHA1
4bc9767a82970728b05184c5115efaece72c0f45

SHA256
6b2ef61264af031cab97d904c77b6cf2ea4066e5a20cd4afe064cad4e3dec393

SHA512
bb183fd47bc2aee36b9051c33f1031a17d8e9e092355e804d26610a0dc7d2ce441a17f740f3a29b7753d5ff7dc6d5664dfef23dd8e061cca96a6326c4d87976b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53399.exe

Filesize
184KB

MD5
d755c5b4e96ed4efc9efe2e7adca89f0

SHA1
9ed6f5d53bab05884b77cf9f9050bf37dc617e8c

SHA256
f5b6b6fa0fb1482ad227362a2ba3d7389044bf408477776bae0cf2d19739ea08

SHA512
74ffbf9e75a6e8dd0fc12cdb3e3adc4f58b11711fa8a2904c223a725ac8c3d9ff66a0670e7b1eb7913d6e095ea9ce653fe3228299546272bccf71e4a2d3325b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe

Filesize
184KB

MD5
d7b4ebda44889c14d9ceb1e435f88000

SHA1
2fda4502be56a4cff77640eba2f4cd77bd4bd7a4

SHA256
82661b35558918a1599f486effa913ce82c398d5382b434179e31221dd829c51

SHA512
d4af7ff08e8bea6515e860cef672f727809921f448a34bf0c90ea2fdfc199b5f9cd470e010cdc59b1c92ee2cba7c61cbfdafd0369f24c490590ed36ab3f96d6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe

Filesize
184KB

MD5
f531b1bc4636da19aabab6a8abc9efb6

SHA1
5abf5edb055cb7a5caa886c85aad40677d920410

SHA256
cdcf215926cc95d57e811506276a084193cab8662d38bfdf8eac4bf08c7c6eb3

SHA512
589db9ad0f076764194b1812743932bef8ff10b0581271bf7beb0b75ac01191540a209071c1c246cef4123a1ed2b9d1f1af15a2f86f6c03adf643cb588e3a710

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe

Filesize
184KB

MD5
9d33b000c42295e496cb31bb4502048e

SHA1
4fbdbabfeef9aa58beb7fa728b0a901d5845895b

SHA256
ce817a45617f4698fd583c36f619ddcdc6c8616ad2ec48b9a18a06eadd659df7

SHA512
62bbebb65ea7fff7547e0ef6e0eec7e94b68f68f4b54c1dc24330dfc5f51a14fd67cc6892970f195d865112dbdb86ce0fae40b1f37e72d4c3822eb579e9b3f44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe

Filesize
184KB

MD5
c3573ae8a3d819d86b44c844056f9364

SHA1
03274c2f061ab7fdc64f21872a2b8121e778fa8d

SHA256
6e154bb455c25ad130dc3659475dfccdccb9d18db3f4e5b66c2f0b26fb7e21d1

SHA512
0e0e334952bd093af5f1ef8541743171bffef14fce02bbe38f485d8bada0448c039f63dc5fa44e208ce5c1251e1e52445f89c06539aed8855bf5643b3a82f7ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe

Filesize
184KB

MD5
27c252531c597eb2701bff35f362b527

SHA1
a1a1a5c5c55b4bc32482c4bc679d42d0d37c3a3c

SHA256
c022737d370a2008864cf1d9d6d47932cf9107ecc1b442b8fe38fbdddcaa5b3f

SHA512
ef72eeeb8008d14ddb896e370a0eb33f2f81bbe23751eb2950a1a2c8201e4cafb5c02dd5f3bf041ae5e8423334a49463fa077e7e2c422cbe2cea1dad93ec7745

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe

Filesize
184KB

MD5
b50bd2d794dba447a325bd4da1435757

SHA1
534c68e395581d4c87d184a61d7c5802081c92ff

SHA256
68de7a4fa71698119c352d8640f2f759e301dcec4680b896353d98e89b0c8745

SHA512
a6c857ec1cb8dc00a0e3382f666b50eeae809226a5d0a033b20257a6dffc56ca8e01074ee7b2c12502d7bd51b8b65bdf3c9a43f29dd9f7aed7a4c7aa44445234

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe

Filesize
184KB

MD5
57e938e20417449047fc0165846d844c

SHA1
e5c1ae9d8ba40114878051d685b2d9a45eaf560e

SHA256
2ff8cd638fee1374f6265051a080d57c45944152bb66b04612d41f1eb58f37a8

SHA512
c9489a37f8c51dc3c719dcb06c63c7b3b8768bc0b3d385a4cd78e4df2c5c1ba4b9a8a3ab9f0808b6e954035915c9c3573897ba80e4ec0a4af50c47ba7b840b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe

Filesize
184KB

MD5
ca5c277cb110201c6a1fa50a0c5d1c5b

SHA1
ee4bdca8af2753b4769a0ce7d1a4668919ae9784

SHA256
6083f7442ccf57aa7cbd312380b7979d7bd7df02fc4d781851ed453a3ae0907a

SHA512
a56a94962e0f16916bb39a7069948a7473f06a2747ce03a88e7af8d9c7947869e6b9f955c49b38181365b548640c0186d1b4729761da9d53f2f818e68999b2b4

Download Submit
memory/4132-4497-0x00007FFDA0F70000-0x00007FFDA1165000-memory.dmp

Filesize
2.0MB

Download
memory/4432-4496-0x0000000077090000-0x0000000077163000-memory.dmp

Filesize
844KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads