8834ce7d62b6cda0d86d64818c14b9e7cde2b7647522b6ec1313cbacea33427e

Analysis

max time kernel
150s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4990ab92b6e5a64545085afea458ad80_NeikiAnalytics.exe
Size

468KB
MD5

4990ab92b6e5a64545085afea458ad80
SHA1

04d86a76ff09f70ce1852429000756da72d63177
SHA256

8834ce7d62b6cda0d86d64818c14b9e7cde2b7647522b6ec1313cbacea33427e
SHA512

22719a735d6304bfde7df92999c99cabb84a9020d2c60b05220d2031f678868e6c9d704053ebad61e681cbea73a2e56dd5c8fbb7d138f75c1a0b1a9e460f2411
SSDEEP

3072:tb6CogMdj08U2bYJPz5jff8/EChjtIpCnmHe1VpFPkhMEGHNmvlj:tbno/5U2OP1jffQ0oDPkCzHNm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3488	Unicorn-3493.exe
3712	Unicorn-45486.exe
2148	Unicorn-52263.exe
5004	Unicorn-59622.exe
2572	Unicorn-4946.exe
1072	Unicorn-43286.exe
1656	Unicorn-37156.exe
2640	Unicorn-48330.exe
3276	Unicorn-50831.exe
3672	Unicorn-58444.exe
1392	Unicorn-58444.exe
4980	Unicorn-34494.exe
3624	Unicorn-19284.exe
4948	Unicorn-9335.exe
372	Unicorn-39730.exe
4332	Unicorn-31584.exe
2684	Unicorn-13664.exe
3764	Unicorn-33530.exe
1568	Unicorn-64156.exe
3576	Unicorn-29254.exe
5104	Unicorn-49766.exe
1516	Unicorn-55896.exe
1808	Unicorn-51812.exe
3896	Unicorn-47728.exe
5032	Unicorn-40136.exe
3064	Unicorn-50997.exe
4028	Unicorn-31205.exe
4116	Unicorn-20270.exe
4596	Unicorn-5060.exe
3152	Unicorn-6093.exe
4744	Unicorn-30689.exe
4020	Unicorn-12315.exe
2228	Unicorn-45543.exe
2256	Unicorn-38574.exe
2400	Unicorn-38574.exe
2168	Unicorn-10540.exe
2976	Unicorn-22238.exe
1572	Unicorn-16107.exe
3492	Unicorn-55413.exe
3480	Unicorn-30790.exe
2064	Unicorn-64209.exe
3856	Unicorn-33239.exe
752	Unicorn-33504.exe
2472	Unicorn-58755.exe
4624	Unicorn-15029.exe
5016	Unicorn-52341.exe
4716	Unicorn-55870.exe
2356	Unicorn-12891.exe
2488	Unicorn-10845.exe
2832	Unicorn-16976.exe
3800	Unicorn-39342.exe
992	Unicorn-57054.exe
4592	Unicorn-59854.exe
2512	Unicorn-11308.exe
4324	Unicorn-61900.exe
3512	Unicorn-61900.exe
5108	Unicorn-3140.exe
2088	Unicorn-28266.exe
1988	Unicorn-21444.exe
4440	Unicorn-21444.exe
2452	Unicorn-43810.exe
2176	Unicorn-33595.exe
864	Unicorn-50587.exe
2296	Unicorn-23944.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
2216	3576	WerFault.exe	114
13536	9272	WerFault.exe	420
14416	7152	WerFault.exe	295
15160	7268	WerFault.exe	349
8604	7340	WerFault.exe	350
232	3456	Process not Found	829
14884	1660	Process not Found	856

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15828	dwm.exe
Token: SeChangeNotifyPrivilege	15828	dwm.exe
Token: 33	15828	dwm.exe
Token: SeIncBasePriorityPrivilege	15828	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4900	4990ab92b6e5a64545085afea458ad80_NeikiAnalytics.exe
3488	Unicorn-3493.exe
3712	Unicorn-45486.exe
2148	Unicorn-52263.exe
5004	Unicorn-59622.exe
1072	Unicorn-43286.exe
2572	Unicorn-4946.exe
1656	Unicorn-37156.exe
2640	Unicorn-48330.exe
3276	Unicorn-50831.exe
3672	Unicorn-58444.exe
1392	Unicorn-58444.exe
4980	Unicorn-34494.exe
4948	Unicorn-9335.exe
3624	Unicorn-19284.exe
372	Unicorn-39730.exe
4332	Unicorn-31584.exe
2684	Unicorn-13664.exe
3764	Unicorn-33530.exe
1568	Unicorn-64156.exe
3576	Unicorn-29254.exe
5104	Unicorn-49766.exe
1516	Unicorn-55896.exe
4028	Unicorn-31205.exe
4116	Unicorn-20270.exe
5032	Unicorn-40136.exe
3896	Unicorn-47728.exe
3064	Unicorn-50997.exe
4596	Unicorn-5060.exe
1808	Unicorn-51812.exe
4744	Unicorn-30689.exe
3152	Unicorn-6093.exe
4020	Unicorn-12315.exe
2228	Unicorn-45543.exe
2256	Unicorn-38574.exe
2400	Unicorn-38574.exe
2168	Unicorn-10540.exe
1572	Unicorn-16107.exe
2976	Unicorn-22238.exe
3492	Unicorn-55413.exe
3480	Unicorn-30790.exe
2064	Unicorn-64209.exe
752	Unicorn-33504.exe
3856	Unicorn-33239.exe
2472	Unicorn-58755.exe
4624	Unicorn-15029.exe
5016	Unicorn-52341.exe
4716	Unicorn-55870.exe
2488	Unicorn-10845.exe
2832	Unicorn-16976.exe
2356	Unicorn-12891.exe
992	Unicorn-57054.exe
3800	Unicorn-39342.exe
2512	Unicorn-11308.exe
4592	Unicorn-59854.exe
5108	Unicorn-3140.exe
3512	Unicorn-61900.exe
2088	Unicorn-28266.exe
4324	Unicorn-61900.exe
1988	Unicorn-21444.exe
864	Unicorn-50587.exe
2176	Unicorn-33595.exe
2452	Unicorn-43810.exe
4248	Unicorn-8734.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 3488	4900	4990ab92b6e5a64545085afea458ad80_NeikiAnalytics.exe	92
PID 4900 wrote to memory of 3488	4900	4990ab92b6e5a64545085afea458ad80_NeikiAnalytics.exe	92
PID 4900 wrote to memory of 3488	4900	4990ab92b6e5a64545085afea458ad80_NeikiAnalytics.exe	92
PID 3488 wrote to memory of 3712	3488	Unicorn-3493.exe	94
PID 3488 wrote to memory of 3712	3488	Unicorn-3493.exe	94
PID 3488 wrote to memory of 3712	3488	Unicorn-3493.exe	94
PID 4900 wrote to memory of 2148	4900	4990ab92b6e5a64545085afea458ad80_NeikiAnalytics.exe	95
PID 4900 wrote to memory of 2148	4900	4990ab92b6e5a64545085afea458ad80_NeikiAnalytics.exe	95
PID 4900 wrote to memory of 2148	4900	4990ab92b6e5a64545085afea458ad80_NeikiAnalytics.exe	95
PID 3712 wrote to memory of 5004	3712	Unicorn-45486.exe	97
PID 3712 wrote to memory of 5004	3712	Unicorn-45486.exe	97
PID 3712 wrote to memory of 5004	3712	Unicorn-45486.exe	97
PID 3488 wrote to memory of 2572	3488	Unicorn-3493.exe	98
PID 3488 wrote to memory of 2572	3488	Unicorn-3493.exe	98
PID 3488 wrote to memory of 2572	3488	Unicorn-3493.exe	98
PID 2148 wrote to memory of 1072	2148	Unicorn-52263.exe	99
PID 2148 wrote to memory of 1072	2148	Unicorn-52263.exe	99
PID 2148 wrote to memory of 1072	2148	Unicorn-52263.exe	99
PID 4900 wrote to memory of 1656	4900	4990ab92b6e5a64545085afea458ad80_NeikiAnalytics.exe	100
PID 4900 wrote to memory of 1656	4900	4990ab92b6e5a64545085afea458ad80_NeikiAnalytics.exe	100
PID 4900 wrote to memory of 1656	4900	4990ab92b6e5a64545085afea458ad80_NeikiAnalytics.exe	100
PID 5004 wrote to memory of 2640	5004	Unicorn-59622.exe	102
PID 5004 wrote to memory of 2640	5004	Unicorn-59622.exe	102
PID 5004 wrote to memory of 2640	5004	Unicorn-59622.exe	102
PID 3712 wrote to memory of 3276	3712	Unicorn-45486.exe	103
PID 3712 wrote to memory of 3276	3712	Unicorn-45486.exe	103
PID 3712 wrote to memory of 3276	3712	Unicorn-45486.exe	103
PID 1072 wrote to memory of 3672	1072	Unicorn-43286.exe	105
PID 1072 wrote to memory of 3672	1072	Unicorn-43286.exe	105
PID 1072 wrote to memory of 3672	1072	Unicorn-43286.exe	105
PID 2572 wrote to memory of 1392	2572	Unicorn-4946.exe	104
PID 2572 wrote to memory of 1392	2572	Unicorn-4946.exe	104
PID 2572 wrote to memory of 1392	2572	Unicorn-4946.exe	104
PID 2148 wrote to memory of 4980	2148	Unicorn-52263.exe	106
PID 2148 wrote to memory of 4980	2148	Unicorn-52263.exe	106
PID 2148 wrote to memory of 4980	2148	Unicorn-52263.exe	106
PID 4900 wrote to memory of 3624	4900	4990ab92b6e5a64545085afea458ad80_NeikiAnalytics.exe	107
PID 4900 wrote to memory of 3624	4900	4990ab92b6e5a64545085afea458ad80_NeikiAnalytics.exe	107
PID 4900 wrote to memory of 3624	4900	4990ab92b6e5a64545085afea458ad80_NeikiAnalytics.exe	107
PID 3488 wrote to memory of 4948	3488	Unicorn-3493.exe	108
PID 3488 wrote to memory of 4948	3488	Unicorn-3493.exe	108
PID 3488 wrote to memory of 4948	3488	Unicorn-3493.exe	108
PID 1656 wrote to memory of 372	1656	Unicorn-37156.exe	109
PID 1656 wrote to memory of 372	1656	Unicorn-37156.exe	109
PID 1656 wrote to memory of 372	1656	Unicorn-37156.exe	109
PID 2640 wrote to memory of 4332	2640	Unicorn-48330.exe	110
PID 2640 wrote to memory of 4332	2640	Unicorn-48330.exe	110
PID 2640 wrote to memory of 4332	2640	Unicorn-48330.exe	110
PID 5004 wrote to memory of 2684	5004	Unicorn-59622.exe	111
PID 5004 wrote to memory of 2684	5004	Unicorn-59622.exe	111
PID 5004 wrote to memory of 2684	5004	Unicorn-59622.exe	111
PID 3276 wrote to memory of 3764	3276	Unicorn-50831.exe	112
PID 3276 wrote to memory of 3764	3276	Unicorn-50831.exe	112
PID 3276 wrote to memory of 3764	3276	Unicorn-50831.exe	112
PID 3712 wrote to memory of 1568	3712	Unicorn-45486.exe	113
PID 3712 wrote to memory of 1568	3712	Unicorn-45486.exe	113
PID 3712 wrote to memory of 1568	3712	Unicorn-45486.exe	113
PID 4980 wrote to memory of 3576	4980	Unicorn-34494.exe	114
PID 4980 wrote to memory of 3576	4980	Unicorn-34494.exe	114
PID 4980 wrote to memory of 3576	4980	Unicorn-34494.exe	114
PID 2148 wrote to memory of 5104	2148	Unicorn-52263.exe	115
PID 2148 wrote to memory of 5104	2148	Unicorn-52263.exe	115
PID 2148 wrote to memory of 5104	2148	Unicorn-52263.exe	115
PID 4948 wrote to memory of 1516	4948	Unicorn-9335.exe	116

C:\Users\Admin\AppData\Local\Temp\4990ab92b6e5a64545085afea458ad80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4990ab92b6e5a64545085afea458ad80_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41802.exe
        9⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        10⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
        10⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        10⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52470.exe
        10⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        10⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
        9⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        9⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        9⤵
        
        PID:16308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40281.exe
        9⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39616.exe
        8⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
        9⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
        9⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33329.exe
        9⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43246.exe
        8⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
        8⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48449.exe
        8⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50587.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
        8⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
        9⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
        10⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
        10⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65328.exe
        10⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19538.exe
        10⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        9⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20164.exe
        9⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        9⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        8⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
        8⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
        8⤵
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        8⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32660.exe
        8⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53352.exe
        7⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
        8⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        8⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
        8⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50066.exe
        8⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        7⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51566.exe
        8⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        8⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46158.exe
        8⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40524.exe
        7⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11365.exe
        7⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
        7⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45543.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12808.exe
        7⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
        8⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12930.exe
        8⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
        8⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe
        8⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7808.exe
        7⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59522.exe
        7⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
        7⤵
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33595.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
        8⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22162.exe
        9⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        9⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9044.exe
        9⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
        8⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4979.exe
        8⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
        8⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
        7⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20635.exe
        7⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        7⤵
        
        PID:16332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe
        7⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
        7⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26709.exe
        7⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41220.exe
        7⤵
        
        PID:10948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2319.exe
        6⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9163.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31846.exe
        7⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3184.exe
        6⤵
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21583.exe
        6⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38574.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38164.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe
        8⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33568.exe
        9⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
        9⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4384.exe
        9⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36422.exe
        8⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        8⤵
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        8⤵
        
        PID:16168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
        8⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        7⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9077.exe
        8⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        8⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
        8⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        8⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46310.exe
        7⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17730.exe
        7⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
        7⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        7⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
        6⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
        8⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        8⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
        8⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10163.exe
        7⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44166.exe
        8⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
        8⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
        7⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23215.exe
        7⤵
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
        6⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
        7⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53299.exe
        7⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
        7⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46371.exe
        6⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        6⤵
        
        PID:12880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3454.exe
        6⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        6⤵
        
        PID:16300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
        6⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16107.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19911.exe
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4609.exe
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60377.exe
        7⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        7⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        7⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
        6⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        6⤵
        
        PID:11312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
        6⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29658.exe
        6⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39845.exe
        5⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        7⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        8⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        8⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
        8⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
        7⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9447.exe
        7⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47919.exe
        7⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        6⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41763.exe
        6⤵
        
        PID:14780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
        6⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22539.exe
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35614.exe
        6⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
        6⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35752.exe
        5⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        6⤵
        
        PID:14644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        6⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
        6⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
        5⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        5⤵
        
        PID:9504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38574.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38164.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17106.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        9⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48556.exe
        10⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11664.exe
        10⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
        10⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19158.exe
        10⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        9⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
        9⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30326.exe
        9⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        8⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35025.exe
        8⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-128.exe
        8⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9401.exe
        8⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        8⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        9⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        9⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        8⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
        8⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26751.exe
        8⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        7⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63195.exe
        7⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe
        7⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36197.exe
        7⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53083.exe
        7⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20244.exe
        6⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17106.exe
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
        8⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        9⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55187.exe
        9⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-684.exe
        9⤵
        
        PID:12976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        8⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        8⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe
        7⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15757.exe
        7⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
        7⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
        7⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        6⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe
        6⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
        7⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4549.exe
        7⤵
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32417.exe
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
        6⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        6⤵
        
        PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        7⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
        8⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        9⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        9⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-684.exe
        9⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        8⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
        8⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
        8⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe
        7⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 720
        8⤵
        Program crash
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
        7⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
        7⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        7⤵
        
        PID:16168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2855.exe
        7⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38246.exe
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        7⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59354.exe
        7⤵
        
        PID:15492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe
        7⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28829.exe
        6⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        6⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        6⤵
        
        PID:15456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19575.exe
        6⤵
        
        PID:13408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
        5⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27254.exe
        8⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
        8⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60356.exe
        8⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
        7⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        7⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1041.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20260.exe
        7⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42880.exe
        6⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
        6⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
        6⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33329.exe
        6⤵
        
        PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        6⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23585.exe
        6⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2325.exe
        6⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33621.exe
        5⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
        5⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20519.exe
        5⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe
        5⤵
        
        PID:11260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22238.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60722.exe
        6⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59482.exe
        7⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39612.exe
        8⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        9⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
        9⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27875.exe
        9⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
        8⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        8⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        7⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        7⤵
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        6⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        7⤵
        
        PID:14036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50196.exe
        7⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54513.exe
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        6⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64440.exe
        6⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58086.exe
        6⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38460.exe
        6⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        7⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        7⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59354.exe
        7⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        7⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
        7⤵
        
        PID:13348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54757.exe
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        6⤵
        
        PID:13996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe
        6⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19045.exe
        6⤵
        
        PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39347.exe
        5⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe
        6⤵
        
        PID:13816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        5⤵
        
        PID:10788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
        5⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
        5⤵
        
        PID:8400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62170.exe
        6⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        6⤵
        
        PID:11864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
        6⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52380.exe
        6⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        6⤵
        
        PID:12632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26465.exe
        5⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        6⤵
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40097.exe
        5⤵
        
        PID:12208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        5⤵
        
        PID:16292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26467.exe
        5⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe
        5⤵
        
        PID:11240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
      4⤵
      PID:452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
        5⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        6⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
        6⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        6⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe
        6⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
        5⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
        6⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18966.exe
        6⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
        5⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
        5⤵
        
        PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
      4⤵
      PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
        5⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48428.exe
        5⤵
        
        PID:11588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
      4⤵
      PID:9412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
      4⤵
      PID:12796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25783.exe
      4⤵
      PID:4052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4946.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58444.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40136.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12891.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
        8⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        9⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        9⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4549.exe
        9⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
        8⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39790.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        8⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2325.exe
        8⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
        7⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26083.exe
        7⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54837.exe
        7⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58304.exe
        7⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52282.exe
        8⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
        8⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
        8⤵
        
        PID:16104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19635.exe
        8⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19730.exe
        8⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        7⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
        7⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        7⤵
        
        PID:10812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
        6⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
        7⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        6⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
        7⤵
        
        PID:15248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
        6⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11308.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
        6⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        7⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        8⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        8⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2242.exe
        8⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23454.exe
        7⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
        7⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
        7⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        6⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        6⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
        6⤵
        
        PID:15324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        6⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
        6⤵
        
        PID:13136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
        5⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        7⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
        7⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35934.exe
        7⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54640.exe
        7⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        6⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe
        7⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        7⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe
        7⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        7⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
        6⤵
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
        6⤵
        
        PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11142.exe
        5⤵
        
        PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41598.exe
        5⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        5⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51948.exe
        5⤵
        
        PID:14272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39342.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
        8⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe
        8⤵
        
        PID:16360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        7⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
        7⤵
        
        PID:15368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
        7⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        6⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25295.exe
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41240.exe
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17722.exe
        6⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        6⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28350.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55372.exe
        6⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33158.exe
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
        6⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3186.exe
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12816.exe
        6⤵
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
        5⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3959.exe
        5⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4936.exe
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
        5⤵
        
        PID:10136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
        6⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        7⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49240.exe
        7⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe
        7⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10301.exe
        7⤵
        
        PID:13300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-102.exe
        6⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        6⤵
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59694.exe
        6⤵
        
        PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        5⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        5⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        5⤵
        
        PID:13120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
        5⤵
        
        PID:9664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20540.exe
      4⤵
      PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
        5⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
        6⤵
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
        6⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
        5⤵
        
        PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
        5⤵
        
        PID:13732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        5⤵
        
        PID:10228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
      4⤵
      PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5384.exe
      4⤵
      PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16113.exe
      4⤵
      PID:13728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
      4⤵
      PID:11608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7821.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24672.exe
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39612.exe
        8⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7092.exe
        8⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        8⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
        8⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
        7⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        7⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        7⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38246.exe
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49599.exe
        7⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        7⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20277.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36335.exe
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23215.exe
        6⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49409.exe
        5⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        7⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49044.exe
        8⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
        8⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
        8⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        7⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65219.exe
        7⤵
        
        PID:15500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        6⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        6⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        6⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41220.exe
        6⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
        5⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40281.exe
        5⤵
        
        PID:15664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58755.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38548.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59482.exe
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
        7⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56828.exe
        8⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe
        8⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55769.exe
        7⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        7⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
        6⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18348.exe
        6⤵
        
        PID:16340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10970.exe
        6⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38246.exe
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        6⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49599.exe
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35276.exe
        6⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20277.exe
        5⤵
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
        5⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        5⤵
        
        PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50892.exe
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
        6⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
        6⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61441.exe
        6⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
        5⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        5⤵
        
        PID:10960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        5⤵
        
        PID:15240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3540.exe
        5⤵
        
        PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
      4⤵
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
        5⤵
        
        PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13505.exe
        5⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16014.exe
        5⤵
        
        PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
      4⤵
      PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18534.exe
      4⤵
      PID:12776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30135.exe
      4⤵
      PID:13908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33282.exe
      4⤵
      PID:9300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
        6⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14466.exe
        7⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        7⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65219.exe
        7⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10970.exe
        7⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
        7⤵
        
        PID:11956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        6⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        6⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
        6⤵
        
        PID:15832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        6⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32660.exe
        6⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18018.exe
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47404.exe
        6⤵
        
        PID:10028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
        6⤵
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        6⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7039.exe
        5⤵
        
        PID:10168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
        5⤵
        
        PID:13980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3003.exe
        5⤵
        
        PID:12404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27582.exe
      4⤵
      PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exe
        6⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        6⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
        6⤵
        
        PID:16112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        6⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1497.exe
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39751.exe
        5⤵
        
        PID:16320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18515.exe
      4⤵
      PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45256.exe
        5⤵
        
        PID:16132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46429.exe
        5⤵
        
        PID:13352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13864.exe
      4⤵
      PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
      4⤵
      PID:14568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exe
      4⤵
      PID:8664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53623.exe
      4⤵
      PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        5⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
        5⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        5⤵
        
        PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
      4⤵
      PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
      4⤵
      PID:11536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63153.exe
      4⤵
      PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
      4⤵
      PID:9516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
      4⤵
      PID:10640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
    3⤵
    PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
      4⤵
      PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8654.exe
      4⤵
      PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
      4⤵
      PID:14444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-684.exe
      4⤵
      PID:12500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
    3⤵
    PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
      4⤵
      PID:14724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
    3⤵
    PID:11524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
    3⤵
    PID:14520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52263.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52263.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58444.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38460.exe
        8⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        9⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
        9⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34602.exe
        9⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
        9⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe
        8⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        7⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54591.exe
        7⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        7⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11407.exe
        7⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63161.exe
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4067.exe
        7⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
        7⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        7⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1035.exe
        6⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63223.exe
        6⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        6⤵
        
        PID:12600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        8⤵
        
        PID:13872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe
        7⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
        7⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22817.exe
        7⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19522.exe
        7⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
        7⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe
        6⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 608
        7⤵
        Program crash
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        6⤵
        
        PID:15540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        6⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35851.exe
        6⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10831.exe
        6⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15757.exe
        6⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        6⤵
        
        PID:16300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        6⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7826.exe
        5⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        6⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
        6⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15287.exe
        5⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        5⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10597.exe
        5⤵
        
        PID:15548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
        5⤵
        
        PID:14228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55870.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49394.exe
        6⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
        7⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
        8⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        8⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32080.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61310.exe
        7⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe
        7⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        7⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56524.exe
        7⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38246.exe
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        7⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        7⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
        7⤵
        
        PID:16096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
        7⤵
        
        PID:13644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
        6⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 496
        7⤵
        Program crash
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe
        6⤵
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        6⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2557.exe
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe
        7⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        6⤵
        
        PID:11856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        6⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        5⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42235.exe
        5⤵
        
        PID:11808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
        5⤵
        
        PID:15384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
        5⤵
        
        PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        6⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        7⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9334.exe
        7⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28736.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10990.exe
        7⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23069.exe
        6⤵
        
        PID:14148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41208.exe
        6⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
        6⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-696.exe
        5⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26665.exe
        5⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
        5⤵
        
        PID:15344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-180.exe
        5⤵
        
        PID:9616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe
      4⤵
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
        5⤵
        
        PID:7152
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 488
        6⤵
        Program crash
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        5⤵
        
        PID:11772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
        5⤵
        
        PID:15376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9209.exe
        5⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        5⤵
        
        PID:13356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
      4⤵
      PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
      4⤵
      PID:11120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
      4⤵
      PID:13780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
      4⤵
      PID:16064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
      4⤵
      PID:11616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3576
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 720
        5⤵
        Program crash
        
        PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64209.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26488.exe
        5⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe
        6⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
        7⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe
        8⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30761.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        7⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39751.exe
        7⤵
        
        PID:15436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        6⤵
        
        PID:12528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
        6⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18018.exe
        5⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21556.exe
        6⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        6⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14385.exe
        6⤵
        
        PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
        5⤵
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        5⤵
        
        PID:12636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        5⤵
        
        PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
      4⤵
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25248.exe
        5⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
        6⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
        6⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32080.exe
        6⤵
        
        PID:15044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
        6⤵
        
        PID:13508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
        5⤵
        
        PID:9996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16298.exe
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56554.exe
        5⤵
        
        PID:15484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        5⤵
        
        PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        5⤵
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59354.exe
        5⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20595.exe
        5⤵
        
        PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49932.exe
      4⤵
      PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20454.exe
      4⤵
      PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24328.exe
      4⤵
      PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14381.exe
      4⤵
      PID:12036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30790.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12097.exe
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20152.exe
        7⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2214.exe
        7⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
        7⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62759.exe
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14735.exe
        6⤵
        
        PID:12456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
        6⤵
        
        PID:736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10831.exe
        6⤵
        
        PID:13216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38246.exe
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
        6⤵
        
        PID:14016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        6⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20277.exe
        5⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        5⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33329.exe
        5⤵
        
        PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
      4⤵
      PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        6⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
        6⤵
        
        PID:15460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        6⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50302.exe
        6⤵
        
        PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59025.exe
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17730.exe
        5⤵
        
        PID:11824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3524.exe
        5⤵
        
        PID:15496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
        5⤵
        
        PID:10096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
      4⤵
      PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15592.exe
        5⤵
        
        PID:11668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
        5⤵
        
        PID:15296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        5⤵
        
        PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
      4⤵
      PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28598.exe
        5⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46045.exe
        5⤵
        
        PID:12260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
      4⤵
      PID:13368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe
      4⤵
      PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
      4⤵
      PID:13156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33239.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe
      4⤵
      PID:8
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
        6⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30762.exe
        7⤵
        
        PID:13896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        7⤵
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22083.exe
        6⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
        6⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19012.exe
        5⤵
        
        PID:9048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
        5⤵
        
        PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
      4⤵
      PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42500.exe
        5⤵
        
        PID:12008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        5⤵
        
        PID:16368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
        5⤵
        
        PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
      4⤵
      PID:9604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
      4⤵
      PID:13000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
      4⤵
      PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
      4⤵
      PID:14192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
    3⤵
    PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        5⤵
        
        PID:10328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        5⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
        5⤵
        
        PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
      4⤵
      PID:7844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
      4⤵
      PID:12536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
      4⤵
      PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19575.exe
      4⤵
      PID:13412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12418.exe
    3⤵
    PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51488.exe
      4⤵
      PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
      4⤵
      PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55571.exe
      4⤵
      PID:8132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
    3⤵
    PID:10152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
    3⤵
    PID:14156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6207.exe
    3⤵
    PID:8284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
    3⤵
    PID:1424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37156.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37156.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6093.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12637.exe
        6⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
        8⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
        8⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
        8⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34919.exe
        8⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        7⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44285.exe
        7⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
        7⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59025.exe
        6⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-440.exe
        7⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21544.exe
        6⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        6⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
        6⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27168.exe
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60377.exe
        6⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
        6⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        5⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38753.exe
        5⤵
        
        PID:11128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        5⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        5⤵
        
        PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
      4⤵
      Executes dropped EXE
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        5⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        7⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        7⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37124.exe
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        7⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe
        6⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        7⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        6⤵
        
        PID:528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        6⤵
        
        PID:15040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1027.exe
        5⤵
        
        PID:12524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
        5⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        5⤵
        
        PID:8392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
      4⤵
      PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39838.exe
        5⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
        5⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
        5⤵
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
        5⤵
        
        PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25951.exe
      4⤵
      PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
      4⤵
      PID:12720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
      4⤵
      PID:8980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30689.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
      4⤵
      Executes dropped EXE
      PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
        6⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-102.exe
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        6⤵
        
        PID:13676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
        6⤵
        
        PID:620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
        5⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe
        5⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41240.exe
        5⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3524.exe
        5⤵
        
        PID:16376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
        5⤵
        
        PID:11088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55948.exe
        5⤵
        
        PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7092.exe
        5⤵
        
        PID:10764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        5⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47238.exe
        5⤵
        
        PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
      4⤵
      PID:9056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28385.exe
      4⤵
      PID:11744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64977.exe
      4⤵
      PID:16308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18465.exe
      4⤵
      PID:12672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        6⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49599.exe
        6⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        6⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40558.exe
        5⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
        5⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
        5⤵
        
        PID:16340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
      4⤵
      PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
      4⤵
      PID:9856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-128.exe
      4⤵
      PID:13384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13027.exe
    3⤵
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
      4⤵
      PID:8772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
      4⤵
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10970.exe
      4⤵
      PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
      4⤵
      PID:14244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57159.exe
    3⤵
    PID:8720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
    3⤵
    PID:12476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
    3⤵
    PID:15868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
    3⤵
    PID:16280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
    3⤵
    PID:8856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
        6⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        7⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
        7⤵
        
        PID:16088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
        7⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
        7⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        6⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
        6⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
        6⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        6⤵
        
        PID:13792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        5⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        6⤵
        
        PID:15468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
        6⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61006.exe
        5⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        5⤵
        
        PID:15304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49476.exe
        5⤵
        
        PID:540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
      4⤵
      PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
        5⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
        6⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
        6⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20595.exe
        6⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47575.exe
        5⤵
        
        PID:9472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53543.exe
        5⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11930.exe
        5⤵
        
        PID:15964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24353.exe
      4⤵
      PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64124.exe
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        5⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30267.exe
        5⤵
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58597.exe
      4⤵
      PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe
      4⤵
      PID:13776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39935.exe
      4⤵
      PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
      4⤵
      PID:14088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52341.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
        6⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31265.exe
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
        6⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        6⤵
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62759.exe
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14735.exe
        5⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exe
        5⤵
        
        PID:8660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36300.exe
      4⤵
      PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51488.exe
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
        5⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
        5⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        5⤵
        
        PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55088.exe
      4⤵
      PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
      4⤵
      PID:13124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
      4⤵
      PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
      4⤵
      PID:11712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
    3⤵
    PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23494.exe
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47404.exe
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        5⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55339.exe
        5⤵
        
        PID:12064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
      4⤵
      PID:9820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
      4⤵
      PID:14196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
      4⤵
      PID:10204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55107.exe
    3⤵
    PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
      4⤵
      PID:13844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
      4⤵
      PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29629.exe
      4⤵
      PID:12492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40010.exe
    3⤵
    PID:10552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
    3⤵
    PID:14516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
    3⤵
    PID:9532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31205.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31205.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
      4⤵
      PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27338.exe
        5⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
        6⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42810.exe
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        5⤵
        
        PID:14556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
        5⤵
        
        PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-696.exe
      4⤵
      PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41835.exe
        5⤵
        
        PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26665.exe
      4⤵
      PID:10432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64513.exe
      4⤵
      PID:14420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62110.exe
      4⤵
      PID:16236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25606.exe
      4⤵
      PID:12276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63161.exe
    3⤵
    PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
      4⤵
      PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15260.exe
      4⤵
      PID:10952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58840.exe
      4⤵
      PID:15312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
      4⤵
      PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
      4⤵
      PID:13084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
    3⤵
    PID:8308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
    3⤵
    PID:11960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
    3⤵
    PID:228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44915.exe
    3⤵
    PID:11792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
    3⤵
    PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
      4⤵
      PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        5⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        5⤵
        
        PID:12732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
        5⤵
        
        PID:9164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7502.exe
      4⤵
      PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
      4⤵
      PID:13988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
      4⤵
      PID:9544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe
    3⤵
    PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe
      4⤵
      PID:7268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46429.exe
      4⤵
      PID:1624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
    3⤵
    PID:10968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18297.exe
    3⤵
    PID:13332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56397.exe
    3⤵
    PID:9772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
  2⤵
  PID:5952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
    3⤵
    PID:8812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
    3⤵
    PID:9972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
    3⤵
    PID:11284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42771.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42771.exe
  2⤵
  PID:8052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58920.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58920.exe
  2⤵
  PID:11532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
  2⤵
  PID:3412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3576 -ip 3576
1⤵
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 9272 -ip 9272
1⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 7152 -ip 7152
1⤵
PID:14876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 7268 -ip 7268
1⤵
PID:14328

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 7340 -ip 7340
1⤵
PID:15440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe

Filesize
468KB

MD5
d2e75ac41224148438574c55137a2916

SHA1
52aed6b24d66629501054db5f10d61ada35f1887

SHA256
c6747d5979fd5d2271e19a1190ed0a6ba0f227879194c19c9e77e63b31d6c2f0

SHA512
004715779828867810f78d12a5bb9f2e9472a664a5a6d68b027e434c9d2a0ceb11d98d483f25950419d33a69dc9f621930d68e004c60efea839aec8836b1bd92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe

Filesize
468KB

MD5
2daa47e17d313a1a50f871d3ea7e37e8

SHA1
496efcfbf65485ce1fdb2d5a3cd8bf3e4222d215

SHA256
f8f4d3464d383a662ce02c77749f98834c46412ffb52ddec75fbab01d7ec3de5

SHA512
48d65b5cf3b4e201cbfccb615c9d64b76eb43c5dfa954b95f18402f81c786035a4f99fab9cea5064da0d3da868c3c945850c716f86049cbb47fa88f957656016

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe

Filesize
468KB

MD5
8ddaff9f30b0d8ee2de252064f05d875

SHA1
f441df53b1db4441ba1080ec3e0dddca359204c7

SHA256
c369201f0742ffd5c92a9614c1bb625f493f7a3d08b0177a027af264f9f51296

SHA512
36e6ef3bfb7c4da06bdf1bb08dac5266406ae1a9cde3486e950dd8222fff5650c10f1f34d35b62226f2ff1eddb7fb6c0ece4ac2b320db15e8da27a09cd27855d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe

Filesize
468KB

MD5
a498080b12f1eab362eec5dcb99f1dae

SHA1
344171a73a1880bfaa22566b86cfb584cc70a2f9

SHA256
ee49db63ecbb5e28c4238ef93ab5caa0ff0a87e1898b0461eb9f1be399f8aa26

SHA512
1341092193b7ca58d4131414799415cd85e6392dfd9ba909599132f0ae3b4e3bc3cb69b9db8a004a56d84a873f677961b4845f42930baa58a56b22726299bd8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe

Filesize
468KB

MD5
cd538469e90d0ec5eaa7fb58b21fcdc8

SHA1
a96b4f952e8d494794469cd24f23219cbbd20558

SHA256
71beed4d98857f983abc56cd8a7cd0266735d70a999cc7f415a37bb000381f9e

SHA512
475b3844a37ee60e3aefcf1dcecf18f5d1f953a1f00b0728be623502d1c9fc4192827276f0e6ce34e635c9c9bc62a552c8f0fd02a2e4016b6b2c811ede6741dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe

Filesize
468KB

MD5
40e2e1c88f2ff985c3cc42640f0fbf43

SHA1
9761beea1a71379a6c07384ea41c719dbb46cfa2

SHA256
d9bf8c973dffc14d8cd1804fc32365b011131dd225af926c68f3780f990f24d2

SHA512
ea77d3e7a8c1349d33dbaf58176a876cfec9761c3eca07e238db7227abd62283e43e39a448f8bf4e309d54b42af08f1907fdddaafc06bda0f3f421e2e3763255

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30689.exe

Filesize
468KB

MD5
c2be6108886ce378feb24fcfb710aa3f

SHA1
3a9fbfca6bde239f4de349229e404c447960da88

SHA256
459cfd2d90bd748fa2186d095c4a794ad2e04c17aaaf8f8be7b72804b3d3d330

SHA512
98456d341d757d51b6f8aa1bd4c06ee178218725ba6ef9595ee06ab9b9b5f6a3c17d1ce74179341a5239ac3cd8fb4dc267b460f76c77eac13a905522762177a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31205.exe

Filesize
468KB

MD5
6a0468851fc7dd4557510e2b06aa1885

SHA1
60f65c71c04269f5206e62dded6d6163902d6a38

SHA256
655a81aed452a74a81048acfcaec1181a9be182c9f8b5517d53ef691ad2951fe

SHA512
d8db5fc1eaa1419775c0f288659f76e5329039cedcceb9d221c69fb0f025639544305fffca102f185bed02489f12d0d5aeb91f67cb6e20562431c352fa03ae03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe

Filesize
468KB

MD5
24b929bcd8b683a631548b43134d3fe8

SHA1
def3a4f1262d27f0f3aed0570c27813a6dbc6a11

SHA256
d1873537ce82a1e1b5929ca19c9443a61c3e1970be58e1fb84edc8bbce4644dd

SHA512
ce89f6b5a3010325c142c3ee37b6c6a18d508ab6fcc3088cc0caa0d44ce50a61412389a5d6c42223b488bc1dcf2b38b03f687365a2f13110ce42df60fcd8b1ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe

Filesize
468KB

MD5
8e440406f567c4d1cfcef509bfe0f266

SHA1
e6d99337bbfdc999bacf74d8fa8b5992caa896be

SHA256
37efabae506b1f2791bef84cd5c65447585ec4c6c3180c27c9b0a8040de53e95

SHA512
03156bf0974eedbbebeefb99b134d4da19087b0eb76e1963fa4161d7e873aa43dcbd891a5689158b29e6463f1788333140eec0267d8d2e6b407df362733786d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe

Filesize
468KB

MD5
d518480eaaf079b05353765df96d3b62

SHA1
f7186fab84dead3b1083b5231a8b13c9441681d8

SHA256
357c215af50b6c0a17be46817c3ba940d6776c889e65fc7622087c644750f29c

SHA512
2aae6680398551de494059ccb2c7b5b462b0080c2d33beeb33200de60b19c2e004874b4af1fddbf8d288cab6ec49d564dfee3964c5c5063f78939007687ae6cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe

Filesize
468KB

MD5
f91158734b01bc8719c392ce5259dec6

SHA1
719cb0803cfc211047f2012e962b07f32016051d

SHA256
5b376405893fbb3920c9d4e96eefc3c8f0e2c2725359088cec77f1e55756f034

SHA512
05853c15529111b750e4ca5547d31c73cd00581808d3db90d135240b46f9eaef4bc5181d6eaa4b3aad6667bfe3dc28b4f0ba02c174ee86041810d8caf78010df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37156.exe

Filesize
468KB

MD5
1a3cb75c1d14b982e3bb82da6a800b6d

SHA1
d3635a78d4c0a70b504cf16b47e8eff2a1455ac0

SHA256
0dda97d947af052dcdd727c31b635213db3a7b25ceec26db8b233fc5906d8cd5

SHA512
5f566a4780708568cede3c1501218ae2e669d5c50e37f8a1f59c243643dcdcda2a232f4a78d999037f041ef0473d124c4da72761c28ad3352395ff541d31cb17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe

Filesize
468KB

MD5
4af57e48b931de6730744e92163f1a7f

SHA1
b5a5e0c1ee8015f9d2ba28d90d757ba3b186e961

SHA256
e08ec9956d67efe56321e7cf3db5b88c5a395ca5c5cd1baf57ce046122b59e1c

SHA512
c100efdfd801425d3a03b1ea7a6a338dbc6a2e605166ffeabf52e8a7d28abbf4a7cc5ad629bf03d02c4704d702c8dcc0896fbab68c7e634f0688f8d20e6c3c1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40136.exe

Filesize
468KB

MD5
e05c8d06b6346dffa22db41d57f5e476

SHA1
926e96a0bde7ddcbb5729094f4849faf8a3bca07

SHA256
d2727389a935714048da54345b9595c0f75aaa056b23b67c0c0ffc0143fa8fa9

SHA512
9b177a3f36f24c1bb4f7f51092b4d890b7bcc2a5be9c777546cd3502a352e46d4874d5473fd3f92d45d18885d06a31bfd5d04198e22f7d9e74a9946a3f2d2775

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe

Filesize
468KB

MD5
c1bd9964c1d7d2415c6cd7a6e77fb70a

SHA1
6668bafb5b927287189dfdf90da6aa9f15986124

SHA256
911a792cbce389a78fb00ceb46973a711dd3f0e344738b81f503507b30aa26ad

SHA512
d398c008d0f3e0f4459fc9bbea386ad85914147228afdd92d4a85fe17b71cbf0456b81b918539b03f7e21f23c2bf4b64111e5291a9b3bd1e0618d116fed81808

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe

Filesize
468KB

MD5
081008dbbcbd1f4ba11aa2c4b454b075

SHA1
8d47036e1ab1e4035a4df271501a6acb4d6ca97d

SHA256
b949a080e37c63c55df0abb2fb799de5198e9f5705ce1c10756ca3bab585ec4f

SHA512
c940d705a2e8c18aafe7480328490fab83265e0875d5f09618dd53a2e7b041dfd8959813ee7d45d2e3ca147854c28497f0eca20e59c8133802acab2f301a6392

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe

Filesize
468KB

MD5
7c4157960b506d34f0bb9714d8d48801

SHA1
95d989d489a62e54f9c151e4aec813003a3c2534

SHA256
acd4fec3afde74754e3faf9b70cc48c13872aaec2fa0fe461538168f7c76adcd

SHA512
e736ff95c6fc6b1ee8df1c107b5ab9797ed57791f7f46f2999d93165cb6716948b6bcd29607b784e682a93242ddde96896122317870d593fbdedcf66d44b0178

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe

Filesize
468KB

MD5
538b6da891f0a30f01298f0850569034

SHA1
bffadb6a8570154c789db89b4a15ce2076b2e6b4

SHA256
ee0a16a83b5889bf0ba14bd9c702c86cdc9ee3c596b276ec6cfbee0106f4ec1c

SHA512
95c8b9deea32d3b32dd8491cb2ea4490081e9890a9b15f88be962e5b27115e5e98dedb0e2e885f40172415ccdba993c40eb50fcdf2f44ee98fbc46fa89b3e3c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe

Filesize
468KB

MD5
47c929d7f4576f2b80850d744517451f

SHA1
27c13cbb5bf05726656618b80972f102845fb249

SHA256
92f906e2353bedcd6d07a69d8d3f21796f415620c96839871d494c316c07fda1

SHA512
3ca463c7e3fc20f13f434c1e1338d09c0f90cebb8ab003ce84dcba667eb120536b1ad1479c876f8299d00831dbaaa399f3ad29753a270a9de513485a4d18021c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4946.exe

Filesize
468KB

MD5
55e5bb0d6d32c4e1a5cea53e66646728

SHA1
29b9ff67cb9cfd34e472272134e1973a42b31ec4

SHA256
a88e2e8b25e60460e9c3934ad1811ba72824c949ba95a88a2fb3bbf4dc1bd067

SHA512
dc4cf0132cb35d4637d0b92e7110c713b1b1a964a1d8c424bfe258f129ca8774e644e50f2889b5eb66b93c4c7bbf8c42ef4f7c45b1d8c2c35794e1b34f661d78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe

Filesize
468KB

MD5
a5e652b0a79c03a54c64b16ca3c80a6b

SHA1
f5c61a629f78e2e8744b7c936865e782badbffc1

SHA256
0780c9ae990abbe9413e6b8d3affe73034ab8b810c9c7535e08a1509f5ebd38b

SHA512
62a35301a590ced229e9e116df237dd5e68b3c57cbddf1dd63a4e626d48051fd2e465484c0270fcdbb811b7f50e02815e358f076f58c66188fd08d65ca5bb2ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe

Filesize
468KB

MD5
75156df9e4275bdd7852bab825cea012

SHA1
1e4a8278881ae65fa19efa4bfcbdfad63fa3aab1

SHA256
92b86cec18b6e5f008a904ef20b8d5bb72d2cbabc3931dd31624b425a2dac83f

SHA512
f38d1aa0583bd132664edd9e6e4d449747a712e0e590b289e4465a079567094d836e6cfb7e107598da0c601a4f31819bc0e0be07ab92be8ea0025dd8eb341a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe

Filesize
468KB

MD5
b05664ad33716f551be73232c69f8752

SHA1
98773363c134f30460f7ad586927929bc4dbf65c

SHA256
ea7fa77537011a28c49e66ab1d4285e4a70861d226195389bf66a29f0cb9f175

SHA512
12b9222ebe71ee64f6b2adfa68a1762f71bfbce25b5def705a0d4c454f0cf531e66eea1c6d76e54225d20bab942b7369e052d5a329310594a919e481d5a83b3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe

Filesize
468KB

MD5
f1de4d53a1e6d482deac54be0cfa742d

SHA1
be3ad004eae9b1930ec953d4059ba12aac6ab187

SHA256
e202c1b16747449386f7b2e7f4c65849c394917d4721ea812bb67dc721ad9dd6

SHA512
4a753081dc3ddb481c4b9d6c7ffe50941c051320d25e305b0f8ba36d2167d9c84760e2913ad42d1e0814b76ceea6bda39771aa26720805362029fea2d9a43130

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe

Filesize
468KB

MD5
7589f3aac981a784c3f124230e3173e2

SHA1
ca7b919a92b332cb810b3b8d6e9b57cfecb3e595

SHA256
41fb72957a40a674d59b6aef75ad6b9941ef2b2c678d6b14dd918651b69dcf48

SHA512
8970c590d2eec1bb62dc965802d7b39798cd4b172366ee416704c5cec5100cdd943b5836f075d9d70eca99c2f6ae83e33f3a7722a8abea642b8eeb48cf69e734

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52263.exe

Filesize
468KB

MD5
92dc2c56895409ac5b2c0a053b6542de

SHA1
61b1697bcc4338f56976769b2bbf3aa6ff419542

SHA256
cc0d35afae04cde61bd3c0b8fa950823ec5464099a311f2856f1a8a315c34469

SHA512
bc2bc32d613c4bf8647d5bdd54027c760dc4e7ed57538255e19fcb1aa573248c4ba67c6c592dc3b6fc719eef10475846b146e1bdbfd7bedd07b64472056fa3b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe

Filesize
468KB

MD5
ae84cdec9752157fa55d49b67779eb20

SHA1
342c18d165d44c6ca1cb46ea9a690f4ab906ff9c

SHA256
6cf43815f85769f8e736b39de22b9f9318041dd787513bbb056c44f263409205

SHA512
6938df613806fa50af6f180df00f219a93c29975041e77f92553f9ceb4cf9d3d0dec8b81ec9a4f6e6e4ed304cedd1803b8c0943ad66436e47a039726d3b7d8e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58444.exe

Filesize
468KB

MD5
4df40ab2b277c87a1ee5be465f0c0307

SHA1
de5c123bb94a2791988915813ec926afe13b408f

SHA256
9fdef832483367664eab897f2bab0bed0397428476cac59b22e99799b24cef56

SHA512
bb9adc429dceea81889e74b3aa7f81ce4b5aa9a7c39eb17ff60269276c98e99b925f19b02732967eef361b19cc6ff60ebdeb44dff5c1dfc81cddefe9dbb4bc8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe

Filesize
468KB

MD5
7e020490afb5fb5debbb5694fa2fd205

SHA1
783b014a31aa9916c6aa970c88de0ddfe8a7aba9

SHA256
13a04ce6588b68c4eb70b0c2bf44a42d7ca92d9ff98918878f89365caaa49d43

SHA512
04e10b971431a013f7c88c235f20523e7727c5f7b3ab5ee5ef17dfd4fb92531546366e901d5d35f9dfaaf5c3f8ae5314e1cf629059a5c6fb7acaabb4f4c51134

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6093.exe

Filesize
468KB

MD5
e2abfe92ee026916da6640a8ee862a1f

SHA1
62c1f2225f84e8c9bfd9323afe86df0cdf027c90

SHA256
e6dc188e8d3ec8394ff0bbe6b589c1c8d86776293a92f37950005a0da92cdab8

SHA512
490177b0151196856034004dcb4b934352b9958a180e991af4d08821ef571b92cecc91278a2506b35dff321f7b51c4e99db95746ba10b71a03bb4d600a105a40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe

Filesize
468KB

MD5
579dfb7ba9d17b7e6404ded2e1c912e6

SHA1
caa280699506ac29516c8e870606afeef892c7f1

SHA256
f9d11ef2c93bf5d39445078ddd399a375d0f7c38dec6e782949e6d41ff11753d

SHA512
4074f7e0b1e1b382e0f61e1c119e2c2bc874fe09d47ff426c5c0858fb1725794f24ce51d8d1156cfef911b5461d738c12148b8e73a8592ceb309581d5b4fe72e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe

Filesize
468KB

MD5
a9235d124a31af27c35fd8fa0aaedd9a

SHA1
7d15fdfaae52c52a464c9efc7f4bab660a01202a

SHA256
a9284a231df577df3aa2cebc00dc1f754625230c4632d7729ca91be1cf712ef2

SHA512
0ada7dd6a7f87f625ee27097756a42f1d03ee22c48beae25a834179f11bbb8cebd178b53d485e926d59cbc8da851398fa88666a5a08de21fe811152c4846d5b4

Download Submit
memory/8-448-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/372-105-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/452-424-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/752-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/864-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/992-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1072-43-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1516-153-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1568-135-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1572-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1656-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1720-4467-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1808-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1988-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2064-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2088-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2148-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2168-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2176-379-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2212-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2228-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2256-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2296-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2356-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2404-467-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2440-428-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2452-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2472-283-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2488-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2512-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2572-32-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2640-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2656-430-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2684-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2832-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2936-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2976-249-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3064-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3152-210-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3276-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3480-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3484-427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3488-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3492-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3512-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3576-263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3576-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3624-95-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3672-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3712-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3764-125-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3800-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3856-273-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3896-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4020-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4028-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4104-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4116-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4220-457-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4248-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4296-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4324-330-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4332-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4440-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4572-426-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4592-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4596-191-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4624-287-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4716-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4744-215-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4900-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4924-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4948-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4980-84-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5004-28-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5016-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5032-187-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5080-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5104-150-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5108-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5144-468-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5164-458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5188-470-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5260-469-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5356-472-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5448-519-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5456-497-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5464-496-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5484-515-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5596-521-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5632-555-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5648-522-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5672-556-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5704-557-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5720-524-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5792-568-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5920-569-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13156-3550-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13536-3891-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13860-2803-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14684-3776-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15232-4498-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15272-4367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16104-2806-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16292-2805-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16308-2804-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16340-2808-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16352-2809-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16360-2810-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16368-2807-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads