a56d8a64e69cd77e692d1eb4a77b2be39e8c572efdd978fde815f47386743e82

Analysis

max time kernel
146s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe
Size

184KB
MD5

4bc4be8e53f7e917117a19c77e7428c0
SHA1

e6c0b9f7b2b613fcbbf1f69fbd95585ac4140da9
SHA256

a56d8a64e69cd77e692d1eb4a77b2be39e8c572efdd978fde815f47386743e82
SHA512

6d1ca521eb0b2a07b5f77fc5763e2472d26d769f2102808046db65c03a13cc90f5496f3abfa9cfd1705eb64b7bd2d08503d7047284417396eff55d2a80e55ec8
SSDEEP

3072:7KovfkonKkrYdteZW6CJ8sNyUlvnqnxiud:7KHoxEteu8UyUlPqnxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
5048	Unicorn-64982.exe
1760	Unicorn-11626.exe
5016	Unicorn-60230.exe
692	Unicorn-1249.exe
3280	Unicorn-1249.exe
1056	Unicorn-61180.exe
1768	Unicorn-47445.exe
452	Unicorn-35510.exe
3212	Unicorn-35510.exe
2676	Unicorn-53739.exe
1304	Unicorn-19801.exe
2976	Unicorn-52042.exe
1432	Unicorn-46177.exe
2256	Unicorn-21338.exe
4812	Unicorn-33783.exe
1672	Unicorn-24773.exe
3820	Unicorn-5464.exe
3584	Unicorn-37971.exe
1500	Unicorn-51739.exe
3656	Unicorn-60404.exe
1020	Unicorn-40803.exe
1544	Unicorn-52441.exe
3244	Unicorn-41308.exe
3344	Unicorn-35807.exe
2556	Unicorn-50115.exe
4268	Unicorn-49226.exe
2412	Unicorn-24648.exe
2744	Unicorn-1779.exe
3208	Unicorn-38370.exe
1576	Unicorn-32239.exe
412	Unicorn-17072.exe
1696	Unicorn-32226.exe
4460	Unicorn-30794.exe
4356	Unicorn-60533.exe
1944	Unicorn-31318.exe
2004	Unicorn-6216.exe
3120	Unicorn-19951.exe
4912	Unicorn-44666.exe
2104	Unicorn-40287.exe
4956	Unicorn-2410.exe
4476	Unicorn-64589.exe
2776	Unicorn-23287.exe
4844	Unicorn-24688.exe
932	Unicorn-13753.exe
1940	Unicorn-30047.exe
2428	Unicorn-18680.exe
2088	Unicorn-44474.exe
864	Unicorn-45541.exe
3328	Unicorn-24767.exe
4064	Unicorn-26201.exe
632	Unicorn-13402.exe
4512	Unicorn-19533.exe
2636	Unicorn-22469.exe
4248	Unicorn-47955.exe
4044	Unicorn-62449.exe
3200	Unicorn-1638.exe
1328	Unicorn-41811.exe
4388	Unicorn-48601.exe
396	Unicorn-29000.exe
3748	Unicorn-21072.exe
3056	Unicorn-4071.exe
5072	Unicorn-21072.exe
2344	Unicorn-51907.exe
4780	Unicorn-25020.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
7676	4820	WerFault.exe	196
7968	4108	WerFault.exe	195
7424	3992	WerFault.exe	194
7756	4820	WerFault.exe	196
9124	3992	WerFault.exe	194
8144	4108	WerFault.exe	195
18972	16128	WerFault.exe	821
18984	16316	WerFault.exe	840

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	19404	dwm.exe
Token: SeChangeNotifyPrivilege	19404	dwm.exe
Token: 33	19404	dwm.exe
Token: SeIncBasePriorityPrivilege	19404	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4936	4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe
5048	Unicorn-64982.exe
1760	Unicorn-11626.exe
5016	Unicorn-60230.exe
1768	Unicorn-47445.exe
1056	Unicorn-61180.exe
1304	Unicorn-19801.exe
2676	Unicorn-53739.exe
2976	Unicorn-52042.exe
1432	Unicorn-46177.exe
2256	Unicorn-21338.exe
4812	Unicorn-33783.exe
1672	Unicorn-24773.exe
3820	Unicorn-5464.exe
3584	Unicorn-37971.exe
1500	Unicorn-51739.exe
3656	Unicorn-60404.exe
1020	Unicorn-40803.exe
1544	Unicorn-52441.exe
3244	Unicorn-41308.exe
3344	Unicorn-35807.exe
2556	Unicorn-50115.exe
4268	Unicorn-49226.exe
2412	Unicorn-24648.exe
2744	Unicorn-1779.exe
3208	Unicorn-38370.exe
1576	Unicorn-32239.exe
412	Unicorn-17072.exe
1944	Unicorn-31318.exe
4460	Unicorn-30794.exe
4356	Unicorn-60533.exe
3120	Unicorn-19951.exe
4912	Unicorn-44666.exe
2004	Unicorn-6216.exe
2104	Unicorn-40287.exe
4956	Unicorn-2410.exe
4476	Unicorn-64589.exe
932	Unicorn-13753.exe
2776	Unicorn-23287.exe
4844	Unicorn-24688.exe
1940	Unicorn-30047.exe
2428	Unicorn-18680.exe
2088	Unicorn-44474.exe
864	Unicorn-45541.exe
3328	Unicorn-24767.exe
4064	Unicorn-26201.exe
632	Unicorn-13402.exe
4512	Unicorn-19533.exe
2636	Unicorn-22469.exe
4044	Unicorn-62449.exe
4248	Unicorn-47955.exe
1328	Unicorn-41811.exe
3200	Unicorn-1638.exe
3056	Unicorn-4071.exe
3748	Unicorn-21072.exe
396	Unicorn-29000.exe
4388	Unicorn-48601.exe
748	Unicorn-21424.exe
5072	Unicorn-21072.exe
4780	Unicorn-25020.exe
2344	Unicorn-51907.exe
2164	Unicorn-35146.exe
2564	Unicorn-53354.exe
5096	Unicorn-29002.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 5048	4936	4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe	87
PID 4936 wrote to memory of 5048	4936	4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe	87
PID 4936 wrote to memory of 5048	4936	4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe	87
PID 5048 wrote to memory of 1760	5048	Unicorn-64982.exe	88
PID 5048 wrote to memory of 1760	5048	Unicorn-64982.exe	88
PID 5048 wrote to memory of 1760	5048	Unicorn-64982.exe	88
PID 4936 wrote to memory of 5016	4936	4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe	89
PID 4936 wrote to memory of 5016	4936	4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe	89
PID 4936 wrote to memory of 5016	4936	4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe	89
PID 1760 wrote to memory of 692	1760	Unicorn-11626.exe	90
PID 5016 wrote to memory of 3280	5016	Unicorn-60230.exe	91
PID 1760 wrote to memory of 692	1760	Unicorn-11626.exe	90
PID 5016 wrote to memory of 3280	5016	Unicorn-60230.exe	91
PID 5016 wrote to memory of 3280	5016	Unicorn-60230.exe	91
PID 1760 wrote to memory of 692	1760	Unicorn-11626.exe	90
PID 4936 wrote to memory of 1056	4936	4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe	92
PID 4936 wrote to memory of 1056	4936	4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe	92
PID 4936 wrote to memory of 1056	4936	4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe	92
PID 5048 wrote to memory of 1768	5048	Unicorn-64982.exe	93
PID 5048 wrote to memory of 1768	5048	Unicorn-64982.exe	93
PID 5048 wrote to memory of 1768	5048	Unicorn-64982.exe	93
PID 5016 wrote to memory of 452	5016	Unicorn-60230.exe	94
PID 5016 wrote to memory of 452	5016	Unicorn-60230.exe	94
PID 5016 wrote to memory of 452	5016	Unicorn-60230.exe	94
PID 1760 wrote to memory of 3212	1760	Unicorn-11626.exe	95
PID 1760 wrote to memory of 3212	1760	Unicorn-11626.exe	95
PID 1760 wrote to memory of 3212	1760	Unicorn-11626.exe	95
PID 1056 wrote to memory of 2676	1056	Unicorn-61180.exe	96
PID 1056 wrote to memory of 2676	1056	Unicorn-61180.exe	96
PID 1056 wrote to memory of 2676	1056	Unicorn-61180.exe	96
PID 1768 wrote to memory of 1304	1768	Unicorn-47445.exe	97
PID 1768 wrote to memory of 1304	1768	Unicorn-47445.exe	97
PID 1768 wrote to memory of 1304	1768	Unicorn-47445.exe	97
PID 4936 wrote to memory of 2976	4936	4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe	98
PID 4936 wrote to memory of 2976	4936	4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe	98
PID 4936 wrote to memory of 2976	4936	4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe	98
PID 5048 wrote to memory of 1432	5048	Unicorn-64982.exe	99
PID 5048 wrote to memory of 1432	5048	Unicorn-64982.exe	99
PID 5048 wrote to memory of 1432	5048	Unicorn-64982.exe	99
PID 1760 wrote to memory of 2256	1760	Unicorn-11626.exe	100
PID 1760 wrote to memory of 2256	1760	Unicorn-11626.exe	100
PID 1760 wrote to memory of 2256	1760	Unicorn-11626.exe	100
PID 1304 wrote to memory of 4812	1304	Unicorn-19801.exe	101
PID 1304 wrote to memory of 4812	1304	Unicorn-19801.exe	101
PID 1304 wrote to memory of 4812	1304	Unicorn-19801.exe	101
PID 1768 wrote to memory of 1672	1768	Unicorn-47445.exe	102
PID 1768 wrote to memory of 1672	1768	Unicorn-47445.exe	102
PID 1768 wrote to memory of 1672	1768	Unicorn-47445.exe	102
PID 2676 wrote to memory of 3820	2676	Unicorn-53739.exe	103
PID 2676 wrote to memory of 3820	2676	Unicorn-53739.exe	103
PID 2676 wrote to memory of 3820	2676	Unicorn-53739.exe	103
PID 1432 wrote to memory of 3584	1432	Unicorn-46177.exe	104
PID 1432 wrote to memory of 3584	1432	Unicorn-46177.exe	104
PID 1432 wrote to memory of 3584	1432	Unicorn-46177.exe	104
PID 4936 wrote to memory of 1500	4936	4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe	106
PID 4936 wrote to memory of 1500	4936	4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe	106
PID 4936 wrote to memory of 1500	4936	4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe	106
PID 5048 wrote to memory of 3656	5048	Unicorn-64982.exe	105
PID 5048 wrote to memory of 3656	5048	Unicorn-64982.exe	105
PID 5048 wrote to memory of 3656	5048	Unicorn-64982.exe	105
PID 1056 wrote to memory of 1020	1056	Unicorn-61180.exe	107
PID 1056 wrote to memory of 1020	1056	Unicorn-61180.exe	107
PID 1056 wrote to memory of 1020	1056	Unicorn-61180.exe	107
PID 5016 wrote to memory of 1544	5016	Unicorn-60230.exe	108

C:\Users\Admin\AppData\Local\Temp\4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4bc4be8e53f7e917117a19c77e7428c0_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11626.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe
      4⤵
      Executes dropped EXE
      PID:692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35510.exe
      4⤵
      Executes dropped EXE
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21338.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20450.exe
        8⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe
        9⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        9⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        9⤵
        
        PID:17364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        8⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        8⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
        8⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
        8⤵
        
        PID:17992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24137.exe
        8⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21831.exe
        8⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        8⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        7⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62262.exe
        7⤵
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
        7⤵
        
        PID:17532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51029.exe
        6⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        8⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        8⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        8⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        7⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44827.exe
        7⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        7⤵
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe
        7⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53607.exe
        7⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23845.exe
        7⤵
        
        PID:15916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58395.exe
        7⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
        7⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
        6⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
        6⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
        6⤵
        
        PID:15044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46940.exe
        6⤵
        
        PID:17392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
        6⤵
        
        PID:18460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11501.exe
        6⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58880.exe
        8⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
        8⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        8⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64280.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        7⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        7⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        7⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29743.exe
        7⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        6⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        7⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        7⤵
        
        PID:18340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
        6⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        6⤵
        
        PID:12760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6313.exe
        6⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        6⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
        6⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16227.exe
        5⤵
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41701.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        7⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        7⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48182.exe
        7⤵
        
        PID:17464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17230.exe
        6⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44827.exe
        6⤵
        
        PID:15064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        6⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45380.exe
        6⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13464.exe
        6⤵
        
        PID:12660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        6⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46607.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55073.exe
        5⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8397.exe
        5⤵
        
        PID:12092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        5⤵
        
        PID:13520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27195.exe
        5⤵
        
        PID:17620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5357.exe
        6⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3050.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
        8⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45132.exe
        8⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55061.exe
        8⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31297.exe
        8⤵
        
        PID:18456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3434.exe
        8⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        7⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        7⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43427.exe
        7⤵
        
        PID:18376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54104.exe
        6⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27800.exe
        7⤵
        
        PID:12940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        7⤵
        
        PID:16128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16128 -s 464
        8⤵
        Program crash
        
        PID:18972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        7⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
        6⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
        6⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
        6⤵
        
        PID:14516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
        6⤵
        
        PID:17828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
        6⤵
        
        PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
        5⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        7⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        7⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        7⤵
        
        PID:15520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48182.exe
        7⤵
        
        PID:17472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        7⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        6⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27732.exe
        6⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
        6⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50744.exe
        6⤵
        
        PID:17488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        6⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
        6⤵
        
        PID:15508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24125.exe
        6⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        6⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4345.exe
        5⤵
        
        PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
        5⤵
        
        PID:15016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        5⤵
        
        PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24688.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5357.exe
        5⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41701.exe
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
        7⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51496.exe
        7⤵
        
        PID:16720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
        6⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        6⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        6⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        6⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        6⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        6⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        6⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25406.exe
        5⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        5⤵
        
        PID:14028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
        5⤵
        
        PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
      4⤵
      PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
      4⤵
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48622.exe
        5⤵
        
        PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
        5⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27199.exe
        5⤵
        
        PID:12620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31514.exe
        5⤵
        
        PID:15952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
        5⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        5⤵
        
        PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31074.exe
      4⤵
      PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        5⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe
        5⤵
        
        PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
      4⤵
      PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
      4⤵
      PID:13088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15227.exe
      4⤵
      PID:16124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16994.exe
      4⤵
      PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42298.exe
      4⤵
      PID:18736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47445.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47445.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19801.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33783.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45541.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41552.exe
        8⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
        9⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23617.exe
        10⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
        10⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
        10⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17927.exe
        9⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42737.exe
        9⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        9⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8868.exe
        9⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
        8⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        9⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        9⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        9⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        9⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        8⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21309.exe
        8⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
        8⤵
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
        8⤵
        
        PID:17580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        7⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40031.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
        9⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        9⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        9⤵
        
        PID:17296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
        8⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        8⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        8⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19523.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        8⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
        8⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        8⤵
        
        PID:15512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe
        8⤵
        
        PID:16944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40673.exe
        8⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27442.exe
        7⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        7⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
        7⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64852.exe
        7⤵
        
        PID:17888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24767.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
        8⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
        9⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
        9⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
        9⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        9⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
        8⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19540.exe
        8⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
        8⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
        8⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31170.exe
        7⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        8⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        8⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
        8⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        7⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        7⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        7⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        7⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15873.exe
        6⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        7⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        8⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16271.exe
        8⤵
        
        PID:14900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32825.exe
        8⤵
        
        PID:18012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48713.exe
        7⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5390.exe
        7⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        7⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        7⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28243.exe
        6⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25097.exe
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24507.exe
        7⤵
        
        PID:18600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
        6⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        6⤵
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
        6⤵
        
        PID:15904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61498.exe
        6⤵
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26201.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46324.exe
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        9⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9333.exe
        9⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        9⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
        9⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
        8⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        8⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        8⤵
        
        PID:15324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        8⤵
        
        PID:17864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12593.exe
        8⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62087.exe
        8⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51496.exe
        8⤵
        
        PID:16756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        8⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        7⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
        7⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
        7⤵
        
        PID:17908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45647.exe
        6⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe
        7⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        8⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        8⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
        8⤵
        
        PID:17588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
        8⤵
        
        PID:18728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
        7⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe
        7⤵
        
        PID:15880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
        7⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
        7⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
        7⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        7⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
        7⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9419.exe
        7⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
        6⤵
        
        PID:14940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
        6⤵
        
        PID:18084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        6⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe
        7⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64509.exe
        8⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
        7⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        7⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31514.exe
        7⤵
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34615.exe
        7⤵
        
        PID:17608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        7⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe
        6⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52565.exe
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        6⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        6⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        6⤵
        
        PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26689.exe
        5⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
        7⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51496.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
        7⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17513.exe
        6⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
        6⤵
        
        PID:12788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22848.exe
        6⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
        6⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14960.exe
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18500.exe
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        6⤵
        
        PID:14724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        6⤵
        
        PID:18652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33229.exe
        5⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        5⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        5⤵
        
        PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7530.exe
        5⤵
        
        PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17652.exe
        8⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        9⤵
        
        PID:16724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        8⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
        8⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        8⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        8⤵
        
        PID:15492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        8⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30554.exe
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17927.exe
        7⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42737.exe
        7⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        7⤵
        
        PID:15344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8868.exe
        7⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        6⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55632.exe
        7⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9230.exe
        8⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3495.exe
        8⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        8⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48931.exe
        8⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44706.exe
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33046.exe
        7⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34063.exe
        7⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
        7⤵
        
        PID:17592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
        7⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59769.exe
        7⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        6⤵
        
        PID:12672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6313.exe
        6⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57424.exe
        6⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22242.exe
        6⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        8⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        8⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        8⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9380.exe
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        7⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51474.exe
        7⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64316.exe
        7⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        6⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38650.exe
        7⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        7⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
        7⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52565.exe
        6⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        6⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2994.exe
        6⤵
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27140.exe
        5⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        6⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        6⤵
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        6⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1592.exe
        6⤵
        
        PID:16192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48990.exe
        6⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40010.exe
        5⤵
        
        PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
        5⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22409.exe
        5⤵
        
        PID:13916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
        5⤵
        
        PID:16948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
        6⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        7⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        7⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        7⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe
        6⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
        6⤵
        
        PID:12300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        6⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58972.exe
        6⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50624.exe
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        6⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        6⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        6⤵
        
        PID:13244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        6⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
        6⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        6⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        5⤵
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
        5⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19803.exe
        5⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
        5⤵
        
        PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52548.exe
        5⤵
        
        PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59687.exe
        5⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63891.exe
        5⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
        5⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
        5⤵
        
        PID:18296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
      4⤵
      PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29755.exe
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        5⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        5⤵
        
        PID:15464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60990.exe
        5⤵
        
        PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13005.exe
      4⤵
      PID:7588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48979.exe
      4⤵
      PID:15416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
      4⤵
      PID:5644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46177.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44474.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        6⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
        8⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        8⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
        8⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        7⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        7⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        7⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        7⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        7⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        7⤵
        
        PID:14716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        7⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44062.exe
        6⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
        6⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
        6⤵
        
        PID:18324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
        5⤵
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        7⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25151.exe
        7⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        7⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24125.exe
        7⤵
        
        PID:18096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        6⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50179.exe
        6⤵
        
        PID:12496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe
        6⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        6⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27627.exe
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        6⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
        6⤵
        
        PID:17556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
        5⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        5⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27195.exe
        5⤵
        
        PID:17628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        7⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27794.exe
        7⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8229.exe
        7⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        6⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
        6⤵
        
        PID:12316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        6⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        6⤵
        
        PID:18272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
        6⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46790.exe
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
        6⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        6⤵
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        6⤵
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        6⤵
        
        PID:16076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17993.exe
        6⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        5⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
        5⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
        5⤵
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57262.exe
        5⤵
        
        PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12576.exe
        7⤵
        
        PID:18276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20274.exe
        7⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52763.exe
        6⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
        6⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        5⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        5⤵
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
        5⤵
        
        PID:17196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16913.exe
      4⤵
      PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10045.exe
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        5⤵
        
        PID:14524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        5⤵
        
        PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
      4⤵
      PID:9696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe
      4⤵
      PID:12716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
      4⤵
      PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46442.exe
      4⤵
      PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
      4⤵
      PID:7172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60404.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21072.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        6⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 720
        7⤵
        Program crash
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 728
        7⤵
        Program crash
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
        6⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        6⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        6⤵
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
        6⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        6⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62558.exe
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe
        6⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30887.exe
        6⤵
        
        PID:10476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
        6⤵
        
        PID:14124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
        6⤵
        
        PID:17212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        6⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20243.exe
        5⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33071.exe
        5⤵
        
        PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24131.exe
        5⤵
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        5⤵
        
        PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46946.exe
        5⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        5⤵
        
        PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8539.exe
        5⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20793.exe
        5⤵
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        5⤵
        
        PID:8684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30974.exe
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe
        5⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50473.exe
        6⤵
        
        PID:15760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
        6⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        5⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe
        5⤵
        
        PID:13748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
        5⤵
        
        PID:17032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26109.exe
      4⤵
      PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
      4⤵
      PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25508.exe
      4⤵
      PID:13216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21848.exe
      4⤵
      PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
      4⤵
      PID:9112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44666.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
      4⤵
      PID:512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
        5⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        5⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        6⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
        6⤵
        
        PID:12652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        6⤵
        
        PID:16008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        6⤵
        
        PID:18036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
        6⤵
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
        5⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48184.exe
        5⤵
        
        PID:15096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
        5⤵
        
        PID:17644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe
      4⤵
      PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
        5⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
        5⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        5⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        5⤵
        
        PID:7684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60403.exe
      4⤵
      PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
      4⤵
      PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38945.exe
      4⤵
      PID:13896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
      4⤵
      PID:17044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
    3⤵
    PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
        5⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        5⤵
        
        PID:12492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        5⤵
        
        PID:232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        5⤵
        
        PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
      4⤵
      PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
      4⤵
      PID:9800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
      4⤵
      PID:13864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
      4⤵
      PID:16980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
      4⤵
      PID:18584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
    3⤵
    PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        5⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
        5⤵
        
        PID:16904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38829.exe
      4⤵
      PID:9064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
      4⤵
      PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
      4⤵
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
      4⤵
      PID:18320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
    3⤵
    PID:7444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10299.exe
    3⤵
    PID:8304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
    3⤵
    PID:13632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11380.exe
    3⤵
    PID:17020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56137.exe
    3⤵
    PID:18676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe
    3⤵
    - Executes dropped EXE
    PID:3280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35510.exe
    3⤵
    - Executes dropped EXE
    PID:452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52441.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37194.exe
        5⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        6⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22010.exe
        7⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        7⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        7⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        7⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        7⤵
        
        PID:18640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        6⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        6⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        6⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26309.exe
        5⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
        6⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
        6⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        6⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
        5⤵
        
        PID:9016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        5⤵
        
        PID:12888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20911.exe
        5⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
        5⤵
        
        PID:18108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
      4⤵
      PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63747.exe
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
        6⤵
        
        PID:17288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44138.exe
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        5⤵
        
        PID:12176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        5⤵
        
        PID:13976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        5⤵
        
        PID:18288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        5⤵
        
        PID:10664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        5⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        5⤵
        
        PID:17384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63738.exe
      4⤵
      PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36890.exe
      4⤵
      PID:11564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
      4⤵
      PID:15332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
      4⤵
      PID:16044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
      4⤵
      PID:5916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2410.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30196.exe
      4⤵
      PID:220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7673.exe
        6⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
        6⤵
        
        PID:12568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        6⤵
        
        PID:15832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34589.exe
        6⤵
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
        5⤵
        
        PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        5⤵
        
        PID:15256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43427.exe
        5⤵
        
        PID:18360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47881.exe
        5⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        5⤵
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        5⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        5⤵
        
        PID:18300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
      4⤵
      PID:8488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41514.exe
      4⤵
      PID:12504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
      4⤵
      PID:15868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
      4⤵
      PID:6428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
    3⤵
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        5⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
        5⤵
        
        PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
      4⤵
      PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19803.exe
      4⤵
      PID:13776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
      4⤵
      PID:16972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12049.exe
    3⤵
    PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3086.exe
      4⤵
      PID:7960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
      4⤵
      PID:10520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
      4⤵
      PID:12936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
      4⤵
      PID:18412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
    3⤵
    PID:8652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
    3⤵
    PID:11312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
    3⤵
    PID:15124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
    3⤵
    PID:17852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61180.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61180.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25079.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe
        8⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        9⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        9⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
        9⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9380.exe
        8⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        8⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51474.exe
        8⤵
        
        PID:15776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        8⤵
        
        PID:17936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27735.exe
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39715.exe
        8⤵
        
        PID:17204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        8⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52565.exe
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        7⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        7⤵
        
        PID:16316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16316 -s 424
        8⤵
        Program crash
        
        PID:18984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        7⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        6⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
        7⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63615.exe
        7⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51496.exe
        7⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        7⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
        6⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        6⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22959.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57418.exe
        6⤵
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29000.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46946.exe
        6⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        6⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
        6⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
        6⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        6⤵
        
        PID:13980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        6⤵
        
        PID:16500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        6⤵
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2559.exe
        5⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
        5⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
        5⤵
        
        PID:14956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30274.exe
        5⤵
        
        PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42079.exe
        6⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48958.exe
        8⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        8⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        8⤵
        
        PID:17252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2712.exe
        7⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        7⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31514.exe
        7⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        7⤵
        
        PID:17428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33879.exe
        6⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30286.exe
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        6⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        6⤵
        
        PID:16184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7590.exe
        6⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48460.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
        6⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        7⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31617.exe
        7⤵
        
        PID:17320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe
        7⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        6⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        6⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
        5⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53542.exe
        6⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10383.exe
        6⤵
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
        6⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
        5⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
        5⤵
        
        PID:13988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        5⤵
        
        PID:17224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11096.exe
        5⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe
        6⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61996.exe
        7⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53125.exe
        7⤵
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        6⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        6⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6220.exe
        6⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44120.exe
        5⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45895.exe
        6⤵
        
        PID:13676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        6⤵
        
        PID:17400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11036.exe
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
        5⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        5⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        5⤵
        
        PID:18592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        5⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        5⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        5⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
        5⤵
        
        PID:17540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
      4⤵
      PID:7908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63432.exe
      4⤵
      PID:11196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
      4⤵
      PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
      4⤵
      PID:17420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40803.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30794.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55747.exe
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        7⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        7⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        7⤵
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45891.exe
        6⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
        6⤵
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        6⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64846.exe
        6⤵
        
        PID:17932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19713.exe
        5⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        5⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23227.exe
        5⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62285.exe
        5⤵
        
        PID:17028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        5⤵
        
        PID:18544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21424.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        5⤵
        
        PID:4820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 608
        6⤵
        Program crash
        
        PID:7676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 640
        6⤵
        Program crash
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7005.exe
        5⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16696.exe
        6⤵
        
        PID:13544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15500.exe
        6⤵
        
        PID:16800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36646.exe
        6⤵
        
        PID:18548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55569.exe
        5⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16639.exe
        5⤵
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        5⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
        5⤵
        
        PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
      4⤵
      PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
        5⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe
        5⤵
        
        PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
      4⤵
      PID:9648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
      4⤵
      PID:12736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
      4⤵
      PID:16000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
      4⤵
      PID:3488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
      4⤵
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
        5⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe
        6⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4139.exe
        7⤵
        
        PID:16904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
        7⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
        6⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6151.exe
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
        6⤵
        
        PID:15844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56894.exe
        6⤵
        
        PID:18404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56908.exe
        5⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45050.exe
        6⤵
        
        PID:13432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        6⤵
        
        PID:16392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36666.exe
        6⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
        5⤵
        
        PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57141.exe
        5⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        5⤵
        
        PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        5⤵
        
        PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
      4⤵
      PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36417.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63347.exe
        5⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
        5⤵
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        5⤵
        
        PID:7912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
      4⤵
      PID:8628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
      4⤵
      PID:11908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62262.exe
      4⤵
      PID:14460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
      4⤵
      PID:3996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
    3⤵
    PID:3172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
    3⤵
    PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42228.exe
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
        5⤵
        
        PID:15312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53544.exe
        5⤵
        
        PID:17520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44706.exe
      4⤵
      PID:8948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
      4⤵
      PID:11480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34063.exe
      4⤵
      PID:13416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
      4⤵
      PID:17876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46184.exe
    3⤵
    PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19771.exe
      4⤵
      PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
      4⤵
      PID:17232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
      4⤵
      PID:7740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
    3⤵
    PID:9340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
    3⤵
    PID:12600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
    3⤵
    PID:15976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
    3⤵
    PID:5124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50115.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30047.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        5⤵
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40269.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        7⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        7⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
        7⤵
        
        PID:17452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        7⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        6⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        6⤵
        
        PID:9128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        6⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
        6⤵
        
        PID:17612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe
        6⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22713.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14347.exe
        6⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
        6⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        6⤵
        
        PID:13944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20497.exe
        6⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25007.exe
        5⤵
        
        PID:15768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
        5⤵
        
        PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
      4⤵
      PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        6⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
        6⤵
        
        PID:12592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        6⤵
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        6⤵
        
        PID:17056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        5⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17230.exe
        5⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44827.exe
        5⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
        5⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
        5⤵
        
        PID:18672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55551.exe
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        5⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        5⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49722.exe
        5⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        5⤵
        
        PID:15840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
      4⤵
      PID:8456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
      4⤵
      PID:11932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
      4⤵
      PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64852.exe
      4⤵
      PID:17840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18680.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
      4⤵
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53949.exe
        5⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10009.exe
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
        5⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22848.exe
        5⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
        5⤵
        
        PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10045.exe
        5⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        5⤵
        
        PID:14536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16679.exe
        5⤵
        
        PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45847.exe
      4⤵
      PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
      4⤵
      PID:12072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4420.exe
      4⤵
      PID:14912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
      4⤵
      PID:18176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
    3⤵
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41540.exe
        5⤵
        
        PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-114.exe
        5⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17957.exe
        5⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9419.exe
        5⤵
        
        PID:8212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
      4⤵
      PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17230.exe
      4⤵
      PID:11436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
      4⤵
      PID:14964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61246.exe
      4⤵
      PID:2080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37244.exe
    3⤵
    PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
      4⤵
      PID:7884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
      4⤵
      PID:12148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
      4⤵
      PID:15448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-332.exe
      4⤵
      PID:18396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
      4⤵
      PID:18720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13005.exe
    3⤵
    PID:7636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
    3⤵
    PID:11408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59431.exe
    3⤵
    PID:15084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
    3⤵
    PID:17544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
    3⤵
    - Executes dropped EXE
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21072.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        5⤵
        
        PID:4108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 596
        6⤵
        Program crash
        
        PID:7968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 644
        6⤵
        Program crash
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6687.exe
        6⤵
        
        PID:18244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
        6⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        5⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        5⤵
        
        PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        5⤵
        
        PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
        5⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        5⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
        5⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        5⤵
        
        PID:15948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
      4⤵
      PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
      4⤵
      PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
      4⤵
      PID:13768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
      4⤵
      PID:16960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25020.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
      4⤵
      PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
      4⤵
      PID:9624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
      4⤵
      PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6313.exe
      4⤵
      PID:16020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57424.exe
      4⤵
      PID:18356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
    3⤵
    PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52021.exe
      4⤵
      PID:8388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe
      4⤵
      PID:11512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
      4⤵
      PID:15348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44053.exe
      4⤵
      PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1010.exe
      4⤵
      PID:7304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64568.exe
    3⤵
    PID:7536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
    3⤵
    PID:11304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
    3⤵
    PID:15024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13909.exe
    3⤵
    PID:5044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60533.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60533.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
        5⤵
        
        PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        5⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32275.exe
        5⤵
        
        PID:13600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48393.exe
        5⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        5⤵
        
        PID:9172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15697.exe
      4⤵
      PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11036.exe
      4⤵
      PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
      4⤵
      PID:13884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
      4⤵
      PID:16920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
      4⤵
      PID:18664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
    3⤵
    PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29705.exe
      4⤵
      PID:10380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
      4⤵
      PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4392.exe
      4⤵
      PID:3780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
    3⤵
    PID:7692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
    3⤵
    PID:11360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14895.exe
    3⤵
    PID:14876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62381.exe
    3⤵
    PID:5640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38796.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38796.exe
  2⤵
  PID:4944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
    3⤵
    PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
      4⤵
      PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
      4⤵
      PID:8544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
      4⤵
      PID:12844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
      4⤵
      PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
      4⤵
      PID:6232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
    3⤵
    PID:7592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
    3⤵
    PID:10248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
    3⤵
    PID:14096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
    3⤵
    PID:17312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
    3⤵
    PID:6784
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28532.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28532.exe
  2⤵
  PID:6052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49164.exe
    3⤵
    PID:7668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39969.exe
      4⤵
      PID:16956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
      4⤵
      PID:6336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
    3⤵
    PID:11216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
    3⤵
    PID:14140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
    3⤵
    PID:16772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
  2⤵
  PID:6748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
  2⤵
  PID:11344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
  2⤵
  PID:14892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
  2⤵
  PID:1012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3992 -ip 3992
1⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4108 -ip 4108
1⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4820 -ip 4820
1⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4820 -ip 4820
1⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3992 -ip 3992
1⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4108 -ip 4108
1⤵
PID:8884

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:19404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11626.exe

Filesize
184KB

MD5
e353c2bfb03ae184089b9638c707bc69

SHA1
40ca0a25a3a76447b9996e4deeead047df7c4b78

SHA256
1ecf7c907af53cf6a2f0c8d582c86280448267ca5a475dfa0369f186f9a2c49e

SHA512
4c438c361a6767def569f51b6b02dcaeba51cf7bb6cb4e38709f4d04f163f12fd8c72f592dfe9bf54131700a0ca2ab8b5cfd480bab1fff367e54314ccfbc865f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe

Filesize
184KB

MD5
cf29b9afa415bf50ffb83b11fbbe2141

SHA1
8b5672a94a66159f1ded61dec1b6897d5cf1626c

SHA256
cea350fdd49ffa2222c2c0c009fcf2748ce4db3b1de927198379f0c063a9ea2b

SHA512
4bdd9bad601fd3da5c4cc5b6707322a824f83450f3fa1907c6bc25503b228efb2e31244420b62953fae481bab0365defb23ed374686509d27cce20dec552cf73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe

Filesize
184KB

MD5
7906a3d06bfcd76eb412073c4ca4f283

SHA1
d81c3c48247e4fff5dd373eae1222e2de5f5dd87

SHA256
5e5aed5f6f94ec87c37899210d0b018d95ec0b6678ef7a5a0cfe8f8eeaeed558

SHA512
b29bf7da40e97838a1f8319a2c199d413dec23db604401716495d2fba2599b2f3c09ac7a25a8b1a69188fcfd560294747c8dd14168258031145e899db492d97e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe

Filesize
184KB

MD5
cb03a76e52fa6bd05cd07978bd119a79

SHA1
f780e0c5daa3438d96443a129b866c6c5e68a0b5

SHA256
2d9372f948e5d1b924fdfc894430e6f8f18af58c9acd0810bd3488a3b293caf0

SHA512
ce07860e225fb4688528068166d863a6e6e695d3cb4a568a9766f9bd3d296afeb45e514ee7da052286ea2956c88755b1d26c88f52485538c0675be1e7e4d0f6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19801.exe

Filesize
184KB

MD5
4d426d38d6ffc8763df1c5555a86c8ef

SHA1
d38f3049362190e222b637952ae8d743a64cf8c0

SHA256
73c9d68db6da0db05b8d5fb3f11227bd0bd1526669de2f4b750370fd4bb3ccd0

SHA512
83cf216fb4b625703df044150cfbb8c33b4650e568b36aa74f6049e9974f0af407417182d9ac1c0ffded2a838fbef96a7a00d175b3b77818a7d06c65636af583

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21338.exe

Filesize
184KB

MD5
d0fefab8426193ab03a3c436a5eda55b

SHA1
367ad560aef76b24aaefbb7c74476e7058e8d605

SHA256
f5fd5ff7511719e8751ae3b56676e2cec3e550191d97d6e03814c5cae2788d89

SHA512
31d48242e1d7a3ac1ebf1b3c070b99ba1ba3e1b71e2f26242a3053089b199ee47b0d23164a3bee16d0ad9f8f247715b075ed997d07930ed6f2ffc36296778f8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe

Filesize
184KB

MD5
e6f36225d3bbf2f6645fcd0346238a0a

SHA1
27599a0aabababfa3a5da000c35464f4d7bf109b

SHA256
23db0283b61286edfb4a30c2883ef67f7d16e1013c6a3e7b7fdcb0dcf0370cda

SHA512
3597a3386029286d2d4c78ff8d14d74fbc398971342ba020106c338c422d61e86ff1975b01a53e8fe8aa2adf81ddc88e505e143dbf73c6d6fcb7fcef55f3e1ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe

Filesize
184KB

MD5
bb91f6d08a5147b5278d61fe38bd1f41

SHA1
88a929364f9a2842272d79d26c55334cc7819930

SHA256
6910620e8f71e596a027e92dcb600e7736796d2918ce5e8e3eba872674e26f80

SHA512
d018e10d62cf4f6f7a7256a64ad2b31a464f55e9f5f90e786bfaa43480a891e7d2a684ec0f32e2281e8deee896a3fce193992b4373b37971ca30a639025eda2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30794.exe

Filesize
184KB

MD5
530c16aecbc4452f935ef241ffb144ae

SHA1
5f2d141134f26177f909eaaa12f8239accd37eab

SHA256
bc5a4f5c14feec7e4b101fb26a3fd72bb21bdc93f2fcf5e4302fa692a9a83137

SHA512
21d0c928d520a2bca51599a4112c619ad147e62635ec39cd54d92551fd3751f8059a1b1b579d597e10b2b401847e6b004474a40dcda47f91bd31cf6b4c991673

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe

Filesize
184KB

MD5
0f18efe3b16b9f1bfc86a2bcf497e9f4

SHA1
fddb2fb8b3ea436fccf25946a0ee128b172e5011

SHA256
ce40a07fd5a55f612666c73baaa59cf2230b68deeee2ca09c1269685a5533221

SHA512
ed2d3f6bbcb8a88bccc37d8858f40fa8ac0578c2f69ec13e78d6e694b07fdf8d1abdea12307f60fedf08ade4cc38f3fed00fc757d6e173c7120b1011981aaffc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe

Filesize
184KB

MD5
be745632156c4b9b5929c0b7191b93b9

SHA1
0f722f17d354a1b7c3ef8b174f8264d7297f3517

SHA256
2482621c84c97a9b1f77bbc3bd92de278f7effc0a147a5b7f7c7e1bdb6dbfb1b

SHA512
82438ee2aaa4f4753fdba109f8221d78cbc0547e9d2023ed19a9ebc0bc1adb0f5c137680cc219e3387add7aeb5b06d6cfe0a7338c36e4f21f221b9f9b706d7c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe

Filesize
184KB

MD5
5a390f2fbe9bfb8aff1ff589c2865913

SHA1
2b8c36910566272603ed2ba7fe8872d719cc34a5

SHA256
6fbb026ad8e8051d62ceaafb5fce0b39b022fb00c045ba176ce975127bb65c3a

SHA512
42afc4f4235210bf7b8a6a6dac5ed5e6749d89449adbfa445fb393cc6495a4817043ff2e043a31dbe1d4915b05980044f1d2dce52c9e27d97f62bf1b70de6ac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33783.exe

Filesize
184KB

MD5
e980b66dad130a06764fc95c95f25af4

SHA1
d18ebd7bdea25eeb4f3d7e94be9f30e7b1b38a6d

SHA256
d0bc23f0ec849662f7cbc75015bddd98ca160740fd468e9295321ddf21b7c513

SHA512
e6b64d4ebee72c7fe7e822acfff0291fa28af0ca3ae8b86dd51fff3abe2767aa340e79df5cb11a734af480bf5fbe69299045a2aab87ccb9ee1de65ab32b1537d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35510.exe

Filesize
184KB

MD5
acad79ee1e514747aaa5f25c8b985c61

SHA1
fa7fde60186e75f82583d63f215f628482a70de8

SHA256
c25623e423f7d0e694f433f7f87b07717384b623530307a04d2f242e3a2af4cf

SHA512
a36e9f430bb9f103c9d1149cb1508b6b17099a7bdf1cf327c40764ddd768cc51cac8c87971ea9ddf90053ebbd163ac15c8136187721a9a36bfc6d54dc7ac4fb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe

Filesize
184KB

MD5
523ad93f1b8572f91973f5e3661216ae

SHA1
0c7eadd89ca11ad911ed69d53fdb722ba9ab0ad9

SHA256
bcca93c0ff7a3d8a2ac3badc91612fbaa997587c7a319119d48107f4769d5717

SHA512
3f17257724d3b08eb549782ebf858c161f9cf15599e908d1e27b875e97fbf87caa5e7bc23bb4e2b0aca9119446f8e82689ef3c5e696269176c50f6f9bcffb0f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe

Filesize
184KB

MD5
0bc38ad138a5a019c302a4009ba1cf79

SHA1
1e12ae37a0ddb21d6fae227416a26077e6f057ef

SHA256
e9aa47106b5d24102ee722bc56221818202de38800f16c37d4ded0af0297f53c

SHA512
ec36304ece5e5bfe7cb88cbca828ac592ff76d8974580a4136d5b969b1cee415e431a24fdb224b849c102892194601956af2df70402dbec24fa45692a9bfddc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe

Filesize
184KB

MD5
e8e65296163abf4851cf20e046ea1461

SHA1
4b421da65c78a0f2e372ce5028f2f158d6b0a07a

SHA256
b5295455b1275e178eaa6721ea5a8836c2d24b5a8b3a135df84b7cb4d14067eb

SHA512
48b49fcfa2b717960ccb94e0c08fc13bbc6e3f931f67f0d76532b933d4edb3ad9b5388641dfcc204b9392b26b455a8a4c63fda50366f59b99f83620f83ce54f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe

Filesize
184KB

MD5
56afe2c91baa2a4f564b82f2138a3156

SHA1
bda633e45b4f92ddab3dac4fd47c92d3455454dc

SHA256
27072674a4cf49e0b55e5720e3f3276e30ff83dc0f251ed21d4c08f520eb5224

SHA512
b1acaf62a0792086fa9c70bdd0a670507762a0e607546c69e8b1bbdd3b1b930629088856f09dac62db86ca601f96e98c6b75eee8ebad75642e287e21e5f60810

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40803.exe

Filesize
184KB

MD5
1a6f36ecb4864ae4cff9162c811ac9b2

SHA1
61d010d3a09aad2e8b6099ca3fdbe152b374baaa

SHA256
de465ffe90a8ec93d6bbd51295d4b90c28f4b89b1a5b2d369881f12ff4e56b5b

SHA512
06c4947710b196e0fe5c7bd69603f1b15187c9283f8cdb86b27502cdd5bea6913ef5d1cfcfcf9b36b107aae7a32dfcd85741eb72d13ab927dd3d19d9aa7ba3b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe

Filesize
184KB

MD5
2f321a0c1beb7c054248b1ff80fd921f

SHA1
d894c34b69d87dc2d5be3abf4764cfdaf73ff106

SHA256
8d2b79777315829f5fde6ea524be516707f11b6bb1f998d75d1fd00e196c3558

SHA512
de8ca0ae3dc5799a9676b8b8a7312ce771b75380aec1f61d5ec9dc75f4d53bb345e66a212e54916c81ba7914c122bad94fa34e5707e014e7485b0f60e416c542

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45380.exe

Filesize
184KB

MD5
2a85fa7f4caa436017d58a1761369540

SHA1
ea6d388fb040405bf569d4f7f3a0f2388cd59bc7

SHA256
2d4ea602ac971c818d16b55d441593bc546d658f6304747c136fa9cdbb3c0fc2

SHA512
ebcc58732799db59c861f8c8ae9b5ed96a91dfcda514f812b052c5f61fc58c16e16a661d3905e071e33c60dd620e7556d66cef557896236c96e1c58fde16a720

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46177.exe

Filesize
184KB

MD5
30a8f2216a424ac1ea0520298c43971c

SHA1
1c5d0ba8d49f1754a30b23ec1719c81d7d1a3648

SHA256
f6332cae1419cbf2f83ad4888b008ba41232a3ff2bf445fb634fa6166a9052e0

SHA512
5a7454677bda7c00e62a12dc9c59896a746bc1ef7bb7a4af3c0a954118eee5a81d6a25473f0935c2cf1883fc31adc73d5b3ef1949eec3b3d7609b17bc2b0928e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47445.exe

Filesize
184KB

MD5
1d5890c218598e520416e406ad0a5638

SHA1
7fe9d7464607c90218a846a2d319c0e2c1832ed3

SHA256
bc7a844a928cecf3c52d81564d95ebb5a90fffa057214d69ceda2bad23d42e9d

SHA512
ef1a13168183adab43b732a10554a0252e83c52777e73df5265bdbf63591d294e0049584e278329a9b9b9af1267022141e9ba9c1832b93770b2908e342c9bf56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe

Filesize
184KB

MD5
91e5bff80db3e452599af02459cd0c1c

SHA1
1453d2df6bc2ac566905b684031c71d12138f228

SHA256
b79d2ccf2063bf5cb0428c55ec8ccb59f4d2bad8407cdec20046cc6c3dabd21e

SHA512
fbe7eb75d629ee1d8a447f78b3f95d34dc3d88fbaadb111db407a8ec8804534a7f0414a8f035a05388a129f8d8d3c543cbd9b0ccaf2b5342d1d02c99fe69cf9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50115.exe

Filesize
184KB

MD5
accedaa3bc7a0ca526d0fc20b3865145

SHA1
37f8ec163a9c430596e628d733473541cae55bc3

SHA256
96768abf95e1f245cccb51e1e367b0598d6252498295b46ea59c1206f00cca36

SHA512
e68e9ea1e9b8b1daa27eb3a256fce9f8075a4e9ad995b16630a260d82749dde75bbc97f10ef6103592478bb6f8ad1c7a2158cb7e8b2734696508785f239e1c0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe

Filesize
184KB

MD5
f02fff75bcbf99ae373cba166493f7ea

SHA1
6fc92b70966636e3bfed74a5b1bc3ad9aabe72c1

SHA256
9936f5bd0da9cc13453940f5479b2dcbffc4c8b30577300a9db46fc2f8c59086

SHA512
1fef2a2a5dc76277c28bb3e3dc376bd9cac23e0b7eb9dd6ce4629cac9a8719f538ef9864bd6cccf60773745a3c596d90ab8d76304811913c300b9a75fedafac1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe

Filesize
184KB

MD5
99f38a34518156a3b7ee04ff56d6d405

SHA1
bc5439f689ebb5221543bfb9db329d854e8deb3b

SHA256
c679062f969c133229f6fbcabb1ec5acd75b41be42dee2d6b32995042c1bdc94

SHA512
19b37bc50fd358c834f1b9fefb0d13d0ed25bb53ac06c8a90268826150ea04a1c8ceda8a8eb5bbed5ef0469836773779fc4ab1964e15c1b959f23c8ecefd2431

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52441.exe

Filesize
184KB

MD5
dd62fb3bf4b654cbaa9def80fa80ad93

SHA1
cf7fb1d19c5eb992973bad959a6fe23be9d16bc8

SHA256
f0275f70182cf438ad4a4cae19bdc6086ded61763ef1bb782312d5da01a06b7f

SHA512
aec2c0ebf01edfa00bd7ab046c62bf51493afdc2ba4402d52d24336ccfca87e1c94cc914201414aa9436a883ca36273b639f2421507de18df8422f343db3a01d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe

Filesize
184KB

MD5
4d07bd762b3ea9b246e16c1a1e316780

SHA1
24877a190898e8f3c049861872176068b9f4559a

SHA256
fe4d0466ae3a4246682ede1b98522decb263bcd1b26a4b721ab7c437d9dbb81c

SHA512
ecb42ecccc38df3087c8c56100f4532351d66fee9a04c38302a528e34e9f2fb6cdb87dfa9864e9070aa3cf14d8a18c3a9617edbc5ddf925faebf53bd32c038cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe

Filesize
184KB

MD5
c7b3739e8c28b95f978a2c5cbe85c7d9

SHA1
bbd42f9de79291780ab9791fdf5848dd6174ea2b

SHA256
3e0a212c635b234be9024700ba2a9b2434503ead8be6eee8cbf9b83cbb146f4f

SHA512
7ee57f944fd7d3789cd82e8dcc40db7113e47aab61cf43b4c1a26ba629f942d5aec2e13633bdab4512d35aa68c7b5cfed84acbd1b05f22f0b29752e664e4c346

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe

Filesize
184KB

MD5
1e3dd1771075b19438fb8cf399e1a6ac

SHA1
29e187b740a626495ae9539ecb7ceef3ff2623e8

SHA256
7f372cb1cf1ce74762a7fd8707cf336db9846651956fdf4abd27f087e898cb35

SHA512
27ea633b90ca2991a5905aaf366a39aa124f1f3d07ef15d184c28a3cfd6bd68a25b4fa40a90dd0915f62185517993aa3510714f45eea9925f0478626d7efba8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60404.exe

Filesize
184KB

MD5
b8c246023d9b92252f998d199cdfadb0

SHA1
86eb34cc844e8b31b1295ba06e678f5017f4cfc4

SHA256
791dc189a345cbbad0de677448efcda6f2db6dcd848f6db1c3401457f229ee2a

SHA512
d440bc57cbcffa87756ba186beb792d0d67ba9eedd2a814e13eb1d8c021f3e5529c6d62fdd684c4631e7c69e03f20c8d118e5c43837df2e1ddb473588482cbfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61180.exe

Filesize
184KB

MD5
b7ccc47c6a1df9903cc9634093f0efc0

SHA1
907814b6e2bb10178c4e53fc4ec3c5cc262f7472

SHA256
d7b64bf697872feaf602f9c690845994e2bfff9b6dddb3dfbb9f912c0a6884a0

SHA512
1ff9e4278038694249abb2fba41b40558ba26d28d4dfde115d63c31cb20a85ec9daafe3be87177568b0dd7b4b7a810a0d5d61bebe3bc9a984fe00b33bb73775a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe

Filesize
184KB

MD5
e777088d33239e8d5f07edcf38669e9f

SHA1
11dc09fe6d28a5b131c89c73b036181d3de5295c

SHA256
0493bffdab90ea108f7c589ffa59d935593dfb36d375c7b33bf6829770140b9a

SHA512
d6ed22e7d4d84aa37ce2c7e1248bb6d326eff22d0b298a0bea79bac4c8d0043692c3aa12e8b947049297c70b268bfa4f1dc1acd639cfb16bddb4a10296b69c96

Download Submit
memory/964-3656-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5340-3652-0x00007FFC28E70000-0x00007FFC29065000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads