f02df7dd66b21b637f3bec9ff7bf0d1af0313c983fdd3bda9d376cf0e5946da7

Analysis

max time kernel
148s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efdd2c31d18367298720a58a086f0070_NeikiAnalytics.exe
Size

468KB
MD5

efdd2c31d18367298720a58a086f0070
SHA1

54902d36118a4942e40e742aa14bdf148cd296c5
SHA256

f02df7dd66b21b637f3bec9ff7bf0d1af0313c983fdd3bda9d376cf0e5946da7
SHA512

6d0becb8c8784d93a5f8fb77ed231f5d19c2eb2951c613b3fb39ddd042109b7ea031d2866db9c1264f1928852506c2939ac5a0af951afb4604547fbc85aade03
SSDEEP

3072:1bACogIdhz5YtbYJPzcjCf8/EChXPIplnmHCxVh54DxLcZRu3kXE:1b1o5dYtOP4jCfu0fb4DtkRu3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2100	Unicorn-21612.exe
2352	Unicorn-47808.exe
3224	Unicorn-52639.exe
4604	Unicorn-9463.exe
4504	Unicorn-19669.exe
2300	Unicorn-1850.exe
1184	Unicorn-21716.exe
3116	Unicorn-8607.exe
4224	Unicorn-5270.exe
3548	Unicorn-58000.exe
3664	Unicorn-6753.exe
4916	Unicorn-20476.exe
1040	Unicorn-610.exe
2884	Unicorn-20210.exe
4792	Unicorn-6998.exe
372	Unicorn-10719.exe
5108	Unicorn-21885.exe
3112	Unicorn-3511.exe
4628	Unicorn-61435.exe
1928	Unicorn-40460.exe
4776	Unicorn-61072.exe
1668	Unicorn-61072.exe
3444	Unicorn-7787.exe
4780	Unicorn-11871.exe
4552	Unicorn-15934.exe
4252	Unicorn-35535.exe
3848	Unicorn-7766.exe
4372	Unicorn-18701.exe
1988	Unicorn-41922.exe
1300	Unicorn-16916.exe
3128	Unicorn-14869.exe
4112	Unicorn-5623.exe
5104	Unicorn-21960.exe
4672	Unicorn-15270.exe
1124	Unicorn-6282.exe
1796	Unicorn-27160.exe
2416	Unicorn-49810.exe
1968	Unicorn-10823.exe
2968	Unicorn-22500.exe
2844	Unicorn-14886.exe
4432	Unicorn-39582.exe
4572	Unicorn-6163.exe
1480	Unicorn-6163.exe
4668	Unicorn-19162.exe
4516	Unicorn-39028.exe
3472	Unicorn-6355.exe
2152	Unicorn-10439.exe
4444	Unicorn-63724.exe
4412	Unicorn-57594.exe
4560	Unicorn-27736.exe
4976	Unicorn-31820.exe
972	Unicorn-26973.exe
3724	Unicorn-1185.exe
2896	Unicorn-7050.exe
1396	Unicorn-47386.exe
2696	Unicorn-52987.exe
2444	Unicorn-11207.exe
4852	Unicorn-8638.exe
2272	Unicorn-40756.exe
4716	Unicorn-36407.exe
3096	Unicorn-62136.exe
1424	Unicorn-8851.exe
2864	Unicorn-9598.exe
5060	Unicorn-41716.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
8612	6212	WerFault.exe	232
9320	8932	WerFault.exe	402
11700	6212	WerFault.exe	232
4272	16912	WerFault.exe	844
10408	4932	Process not Found	929
12680	5332	Process not Found	1025
10304	5792	Process not Found	944
13468	3088	Process not Found	932

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	8016	dwm.exe
Token: SeChangeNotifyPrivilege	8016	dwm.exe
Token: 33	8016	dwm.exe
Token: SeIncBasePriorityPrivilege	8016	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3628	efdd2c31d18367298720a58a086f0070_NeikiAnalytics.exe
2100	Unicorn-21612.exe
2352	Unicorn-47808.exe
3224	Unicorn-52639.exe
4604	Unicorn-9463.exe
2300	Unicorn-1850.exe
1184	Unicorn-21716.exe
4504	Unicorn-19669.exe
3116	Unicorn-8607.exe
4224	Unicorn-5270.exe
3548	Unicorn-58000.exe
3664	Unicorn-6753.exe
4916	Unicorn-20476.exe
1040	Unicorn-610.exe
2884	Unicorn-20210.exe
4792	Unicorn-6998.exe
372	Unicorn-10719.exe
5108	Unicorn-21885.exe
4628	Unicorn-61435.exe
3112	Unicorn-3511.exe
1928	Unicorn-40460.exe
1668	Unicorn-61072.exe
3444	Unicorn-7787.exe
4776	Unicorn-61072.exe
4552	Unicorn-15934.exe
4780	Unicorn-11871.exe
3848	Unicorn-7766.exe
1988	Unicorn-41922.exe
4372	Unicorn-18701.exe
4252	Unicorn-35535.exe
1300	Unicorn-16916.exe
3128	Unicorn-14869.exe
4112	Unicorn-5623.exe
5104	Unicorn-21960.exe
4672	Unicorn-15270.exe
1124	Unicorn-6282.exe
1796	Unicorn-27160.exe
2416	Unicorn-49810.exe
2968	Unicorn-22500.exe
1968	Unicorn-10823.exe
1480	Unicorn-6163.exe
2844	Unicorn-14886.exe
4572	Unicorn-6163.exe
4432	Unicorn-39582.exe
4516	Unicorn-39028.exe
4668	Unicorn-19162.exe
3472	Unicorn-6355.exe
3724	Unicorn-1185.exe
2152	Unicorn-10439.exe
4560	Unicorn-27736.exe
4412	Unicorn-57594.exe
4976	Unicorn-31820.exe
4444	Unicorn-63724.exe
2896	Unicorn-7050.exe
972	Unicorn-26973.exe
1396	Unicorn-47386.exe
2696	Unicorn-52987.exe
2444	Unicorn-11207.exe
2272	Unicorn-40756.exe
4852	Unicorn-8638.exe
4716	Unicorn-36407.exe
1424	Unicorn-8851.exe
3096	Unicorn-62136.exe
2864	Unicorn-9598.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 2100	3628	efdd2c31d18367298720a58a086f0070_NeikiAnalytics.exe	87
PID 3628 wrote to memory of 2100	3628	efdd2c31d18367298720a58a086f0070_NeikiAnalytics.exe	87
PID 3628 wrote to memory of 2100	3628	efdd2c31d18367298720a58a086f0070_NeikiAnalytics.exe	87
PID 2100 wrote to memory of 2352	2100	Unicorn-21612.exe	92
PID 2100 wrote to memory of 2352	2100	Unicorn-21612.exe	92
PID 2100 wrote to memory of 2352	2100	Unicorn-21612.exe	92
PID 3628 wrote to memory of 3224	3628	efdd2c31d18367298720a58a086f0070_NeikiAnalytics.exe	93
PID 3628 wrote to memory of 3224	3628	efdd2c31d18367298720a58a086f0070_NeikiAnalytics.exe	93
PID 3628 wrote to memory of 3224	3628	efdd2c31d18367298720a58a086f0070_NeikiAnalytics.exe	93
PID 2352 wrote to memory of 4604	2352	Unicorn-47808.exe	95
PID 2352 wrote to memory of 4604	2352	Unicorn-47808.exe	95
PID 2352 wrote to memory of 4604	2352	Unicorn-47808.exe	95
PID 2100 wrote to memory of 2300	2100	Unicorn-21612.exe	96
PID 2100 wrote to memory of 2300	2100	Unicorn-21612.exe	96
PID 2100 wrote to memory of 2300	2100	Unicorn-21612.exe	96
PID 3224 wrote to memory of 1184	3224	Unicorn-52639.exe	97
PID 3224 wrote to memory of 1184	3224	Unicorn-52639.exe	97
PID 3224 wrote to memory of 1184	3224	Unicorn-52639.exe	97
PID 3628 wrote to memory of 4504	3628	efdd2c31d18367298720a58a086f0070_NeikiAnalytics.exe	98
PID 3628 wrote to memory of 4504	3628	efdd2c31d18367298720a58a086f0070_NeikiAnalytics.exe	98
PID 3628 wrote to memory of 4504	3628	efdd2c31d18367298720a58a086f0070_NeikiAnalytics.exe	98
PID 4604 wrote to memory of 3116	4604	Unicorn-9463.exe	100
PID 4604 wrote to memory of 3116	4604	Unicorn-9463.exe	100
PID 4604 wrote to memory of 3116	4604	Unicorn-9463.exe	100
PID 2352 wrote to memory of 4224	2352	Unicorn-47808.exe	101
PID 2352 wrote to memory of 4224	2352	Unicorn-47808.exe	101
PID 2352 wrote to memory of 4224	2352	Unicorn-47808.exe	101
PID 2300 wrote to memory of 3548	2300	Unicorn-1850.exe	102
PID 2300 wrote to memory of 3548	2300	Unicorn-1850.exe	102
PID 2300 wrote to memory of 3548	2300	Unicorn-1850.exe	102
PID 2100 wrote to memory of 3664	2100	Unicorn-21612.exe	103
PID 2100 wrote to memory of 3664	2100	Unicorn-21612.exe	103
PID 2100 wrote to memory of 3664	2100	Unicorn-21612.exe	103
PID 4504 wrote to memory of 4916	4504	Unicorn-19669.exe	104
PID 4504 wrote to memory of 4916	4504	Unicorn-19669.exe	104
PID 4504 wrote to memory of 4916	4504	Unicorn-19669.exe	104
PID 3224 wrote to memory of 1040	3224	Unicorn-52639.exe	105
PID 3224 wrote to memory of 1040	3224	Unicorn-52639.exe	105
PID 3224 wrote to memory of 1040	3224	Unicorn-52639.exe	105
PID 3628 wrote to memory of 2884	3628	efdd2c31d18367298720a58a086f0070_NeikiAnalytics.exe	106
PID 3628 wrote to memory of 2884	3628	efdd2c31d18367298720a58a086f0070_NeikiAnalytics.exe	106
PID 3628 wrote to memory of 2884	3628	efdd2c31d18367298720a58a086f0070_NeikiAnalytics.exe	106
PID 1184 wrote to memory of 4792	1184	Unicorn-21716.exe	108
PID 1184 wrote to memory of 4792	1184	Unicorn-21716.exe	108
PID 1184 wrote to memory of 4792	1184	Unicorn-21716.exe	108
PID 4224 wrote to memory of 372	4224	Unicorn-5270.exe	109
PID 4224 wrote to memory of 372	4224	Unicorn-5270.exe	109
PID 4224 wrote to memory of 372	4224	Unicorn-5270.exe	109
PID 2352 wrote to memory of 5108	2352	Unicorn-47808.exe	110
PID 2352 wrote to memory of 5108	2352	Unicorn-47808.exe	110
PID 2352 wrote to memory of 5108	2352	Unicorn-47808.exe	110
PID 3116 wrote to memory of 3112	3116	Unicorn-8607.exe	111
PID 3116 wrote to memory of 3112	3116	Unicorn-8607.exe	111
PID 3116 wrote to memory of 3112	3116	Unicorn-8607.exe	111
PID 4604 wrote to memory of 4628	4604	Unicorn-9463.exe	112
PID 4604 wrote to memory of 4628	4604	Unicorn-9463.exe	112
PID 4604 wrote to memory of 4628	4604	Unicorn-9463.exe	112
PID 3548 wrote to memory of 1928	3548	Unicorn-58000.exe	113
PID 3548 wrote to memory of 1928	3548	Unicorn-58000.exe	113
PID 3548 wrote to memory of 1928	3548	Unicorn-58000.exe	113
PID 3664 wrote to memory of 4776	3664	Unicorn-6753.exe	115
PID 3664 wrote to memory of 4776	3664	Unicorn-6753.exe	115
PID 3664 wrote to memory of 4776	3664	Unicorn-6753.exe	115
PID 4916 wrote to memory of 1668	4916	Unicorn-20476.exe	114

C:\Users\Admin\AppData\Local\Temp\efdd2c31d18367298720a58a086f0070_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\efdd2c31d18367298720a58a086f0070_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8607.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10823.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8659.exe
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24908.exe
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34176.exe
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38682.exe
        10⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        10⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        10⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-242.exe
        9⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
        10⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8958.exe
        10⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
        10⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
        9⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        9⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31459.exe
        9⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42374.exe
        8⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        9⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
        9⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40479.exe
        9⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        9⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
        8⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
        8⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        8⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23704.exe
        8⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14931.exe
        9⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        9⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
        9⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        9⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
        8⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31437.exe
        8⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19877.exe
        7⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2487.exe
        8⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
        8⤵
        
        PID:14252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        8⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        7⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
        7⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe
        7⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39582.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe
        8⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
        9⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
        9⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9186.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56223.exe
        8⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        8⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        8⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        7⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        7⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe
        7⤵
        
        PID:18256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44892.exe
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        7⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50654.exe
        7⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
        7⤵
        
        PID:18336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
        6⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
        7⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        7⤵
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
        7⤵
        
        PID:18192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32854.exe
        6⤵
        
        PID:15132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        6⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        6⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        7⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45520.exe
        8⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        9⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
        9⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17701.exe
        9⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        9⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        8⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32101.exe
        8⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        8⤵
        
        PID:15076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
        7⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
        8⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        8⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        8⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8393.exe
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
        7⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        7⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20118.exe
        7⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5395.exe
        7⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
        8⤵
        
        PID:16164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32591.exe
        8⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54635.exe
        7⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        7⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
        7⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7398.exe
        6⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13785.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        6⤵
        
        PID:15140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        6⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57594.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        7⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
        8⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        8⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
        8⤵
        
        PID:16404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        8⤵
        
        PID:17492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
        7⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
        7⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe
        7⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        6⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15277.exe
        6⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        6⤵
        
        PID:12208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
        6⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        6⤵
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59131.exe
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
        6⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        7⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
        7⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47494.exe
        7⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
        7⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
        6⤵
        
        PID:11368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45114.exe
        6⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        6⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        6⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        6⤵
        
        PID:17572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18451.exe
        5⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        5⤵
        
        PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5270.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62136.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        8⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        9⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        9⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
        9⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39975.exe
        9⤵
        
        PID:18396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        8⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18196.exe
        9⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47303.exe
        9⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
        9⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
        8⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
        8⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        8⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17294.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29812.exe
        8⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35544.exe
        9⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        9⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
        9⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        8⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
        8⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        8⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe
        7⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        7⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        7⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8327.exe
        8⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56223.exe
        8⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
        8⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        8⤵
        
        PID:17176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        8⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
        7⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35684.exe
        8⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25730.exe
        8⤵
        
        PID:17296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        8⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        7⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        7⤵
        
        PID:15844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        7⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        6⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55284.exe
        7⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54267.exe
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        7⤵
        
        PID:220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59374.exe
        6⤵
        
        PID:9672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36222.exe
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
        6⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34487.exe
        6⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15270.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        6⤵
        Executes dropped EXE
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31384.exe
        7⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
        8⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
        9⤵
        
        PID:16456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        9⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        8⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50654.exe
        8⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
        8⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        8⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
        7⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
        8⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        8⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31718.exe
        8⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        7⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
        7⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        7⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45343.exe
        6⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
        8⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9186.exe
        8⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
        7⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55506.exe
        7⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
        7⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1533.exe
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13484.exe
        7⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22451.exe
        6⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45114.exe
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17396.exe
        6⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
        5⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
        6⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
        7⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        7⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44118.exe
        7⤵
        
        PID:17328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        7⤵
        
        PID:18172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27197.exe
        6⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        7⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1019.exe
        7⤵
        
        PID:18420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45166.exe
        6⤵
        
        PID:13868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20042.exe
        6⤵
        
        PID:16804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49915.exe
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe
        6⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        6⤵
        
        PID:12176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe
        6⤵
        
        PID:15772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
        6⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63834.exe
        5⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        5⤵
        
        PID:16676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4747.exe
        5⤵
        
        PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21960.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8851.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43444.exe
        7⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47175.exe
        8⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31268.exe
        9⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
        9⤵
        
        PID:16156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        9⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43447.exe
        8⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        8⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27375.exe
        8⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16432.exe
        8⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
        8⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16909.exe
        7⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27375.exe
        7⤵
        
        PID:17096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
        7⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        7⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
        7⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
        6⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4718.exe
        6⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
        6⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
        6⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
        5⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
        6⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        7⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
        8⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        8⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe
        7⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
        7⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        7⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        7⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15469.exe
        6⤵
        
        PID:11156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
        6⤵
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
        6⤵
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
        6⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33934.exe
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3713.exe
        6⤵
        
        PID:17136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36119.exe
        6⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exe
        5⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
        5⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        5⤵
        
        PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        5⤵
        
        PID:10032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
        5⤵
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34974.exe
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
        7⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        7⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
        7⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53447.exe
        6⤵
        
        PID:8488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        6⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        6⤵
        
        PID:18060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1342.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45891.exe
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46762.exe
        6⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        5⤵
        
        PID:8400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19082.exe
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
        5⤵
        
        PID:17240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3395.exe
        5⤵
        
        PID:18404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
      4⤵
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13563.exe
        6⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-966.exe
        6⤵
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55506.exe
        6⤵
        
        PID:14544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe
        6⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        5⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37059.exe
        6⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
        5⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        5⤵
        
        PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe
        5⤵
        
        PID:11392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        5⤵
        
        PID:15016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
        5⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        5⤵
        
        PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23715.exe
      4⤵
      PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
      4⤵
      PID:13052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
      4⤵
      PID:16696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
      4⤵
      PID:8848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40460.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63724.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26340.exe
        7⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
        9⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
        10⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30286.exe
        10⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
        10⤵
        
        PID:17788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        9⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
        9⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
        9⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49007.exe
        8⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49974.exe
        8⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
        8⤵
        
        PID:17312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14126.exe
        8⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
        8⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
        8⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
        7⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26587.exe
        7⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe
        7⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        7⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
        8⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
        8⤵
        
        PID:16440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe
        8⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
        7⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
        7⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
        7⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15758.exe
        6⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13785.exe
        6⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        6⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
        5⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        6⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54316.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32420.exe
        8⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7858.exe
        8⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        8⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        7⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
        7⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
        7⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
        6⤵
        
        PID:12508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56047.exe
        6⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7730.exe
        6⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        5⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
        6⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32538.exe
        6⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53062.exe
        6⤵
        
        PID:16876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
        6⤵
        
        PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23185.exe
        5⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe
        5⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        5⤵
        
        PID:17228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
        5⤵
        
        PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45224.exe
        6⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43526.exe
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
        8⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41142.exe
        8⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
        8⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5958.exe
        8⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
        7⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36665.exe
        7⤵
        
        PID:17168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53224.exe
        7⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        7⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33934.exe
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        7⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        7⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58195.exe
        6⤵
        
        PID:12972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        6⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe
        6⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1046.exe
        5⤵
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17176.exe
        7⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16254.exe
        7⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        7⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        7⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27459.exe
        6⤵
        
        PID:14644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        6⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        6⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
        6⤵
        
        PID:15188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
        6⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe
        5⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
        5⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        5⤵
        
        PID:17216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        5⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        5⤵
        
        PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        5⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-595.exe
        6⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13091.exe
        7⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16254.exe
        7⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        7⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
        7⤵
        
        PID:18372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        6⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
        6⤵
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41073.exe
        6⤵
        
        PID:18388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42374.exe
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        6⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        6⤵
        
        PID:16852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36273.exe
        6⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        5⤵
        
        PID:12500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47382.exe
        5⤵
        
        PID:15456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15276.exe
        5⤵
        
        PID:7268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62447.exe
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
        6⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60743.exe
        6⤵
        
        PID:12992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
        6⤵
        
        PID:16592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19283.exe
        6⤵
        
        PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28586.exe
        5⤵
        
        PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        5⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        5⤵
        
        PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41770.exe
        5⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
        5⤵
        
        PID:9084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
      4⤵
      PID:9484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
      4⤵
      PID:12944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13031.exe
      4⤵
      PID:4524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61072.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38400.exe
        6⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4487.exe
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        8⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59856.exe
        9⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13374.exe
        9⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15199.exe
        9⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
        8⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
        8⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
        7⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        7⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
        7⤵
        
        PID:18176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        7⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        7⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
        7⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2502.exe
        6⤵
        
        PID:9664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9798.exe
        6⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        6⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4871.exe
        6⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12693.exe
        7⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        7⤵
        
        PID:14460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        7⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe
        6⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
        6⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2021.exe
        6⤵
        
        PID:17200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        6⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1045.exe
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
        6⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33026.exe
        6⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
        6⤵
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        5⤵
        
        PID:9704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        5⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55172.exe
        5⤵
        
        PID:17096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
        5⤵
        
        PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14886.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        5⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53127.exe
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        6⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38682.exe
        6⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        6⤵
        
        PID:15172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        6⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47418.exe
        5⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        5⤵
        
        PID:15828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8107.exe
        5⤵
        
        PID:8344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24293.exe
      4⤵
      PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
        6⤵
        
        PID:8752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54267.exe
        6⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        6⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        6⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        5⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27582.exe
        5⤵
        
        PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
        5⤵
        
        PID:18200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33527.exe
      4⤵
      PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        5⤵
        
        PID:14532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
      4⤵
      PID:9560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54671.exe
      4⤵
      PID:13680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46838.exe
      4⤵
      PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39028.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37352.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24968.exe
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
        7⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
        7⤵
        
        PID:18348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        6⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
        6⤵
        
        PID:12792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
        6⤵
        
        PID:16912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16912 -s 72
        7⤵
        Program crash
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        6⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42374.exe
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
        6⤵
        
        PID:11316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        6⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57959.exe
        6⤵
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
        5⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57802.exe
        5⤵
        
        PID:13648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
        5⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        5⤵
        
        PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11134.exe
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33652.exe
        5⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25730.exe
        6⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
        6⤵
        
        PID:18240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43962.exe
        5⤵
        
        PID:13536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
        5⤵
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
      4⤵
      PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
        5⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
        5⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36003.exe
        5⤵
        
        PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
      4⤵
      PID:9568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
      4⤵
      PID:13364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
      4⤵
      PID:18284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26973.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26973.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55312.exe
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        5⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61179.exe
        5⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
        5⤵
        
        PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
      4⤵
      PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        5⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40708.exe
        5⤵
        
        PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47723.exe
      4⤵
      PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
      4⤵
      PID:15592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
      4⤵
      PID:6232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
    3⤵
    PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
      4⤵
      PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
        5⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
        5⤵
        
        PID:8284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43447.exe
      4⤵
      PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
      4⤵
      PID:15416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27375.exe
      4⤵
      PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54364.exe
    3⤵
    PID:7640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
    3⤵
    PID:11144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
    3⤵
    PID:14712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
    3⤵
    PID:5476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
        8⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46851.exe
        8⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5921.exe
        8⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
        8⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
        7⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
        7⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        7⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
        7⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27662.exe
        6⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        7⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
        8⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
        8⤵
        
        PID:16092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        8⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
        7⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
        7⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
        7⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe
        6⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
        7⤵
        
        PID:16148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        7⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
        6⤵
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        6⤵
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8638.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        8⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        8⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
        8⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
        7⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        7⤵
        
        PID:13388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19207.exe
        7⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22286.exe
        6⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10582.exe
        6⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        6⤵
        
        PID:15344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
        6⤵
        
        PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
        6⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60816.exe
        7⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        7⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
        7⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56223.exe
        6⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56134.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        6⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        5⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        5⤵
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32854.exe
        5⤵
        
        PID:15124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        5⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        5⤵
        
        PID:10132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
        7⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
        7⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58055.exe
        7⤵
        
        PID:15164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        7⤵
        
        PID:17124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        6⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
        7⤵
        
        PID:17628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3985.exe
        6⤵
        
        PID:10616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
        6⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
        6⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
        6⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36208.exe
        7⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43358.exe
        7⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52590.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
        7⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61459.exe
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        6⤵
        
        PID:14264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2302.exe
        6⤵
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
        5⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        6⤵
        
        PID:16112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        6⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9850.exe
        5⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        5⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
        5⤵
        
        PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe
        7⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21734.exe
        7⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        7⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        7⤵
        
        PID:17512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        6⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
        6⤵
        
        PID:13608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39275.exe
        6⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
        5⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41770.exe
        6⤵
        
        PID:14524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
        6⤵
        
        PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        5⤵
        
        PID:15492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        5⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        5⤵
        
        PID:10128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10201.exe
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        5⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe
        6⤵
        
        PID:16428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
        6⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        5⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46762.exe
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        5⤵
        
        PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14315.exe
      4⤵
      PID:11428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28581.exe
      4⤵
      PID:15356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
      4⤵
      PID:6772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18556.exe
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17700.exe
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
        8⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54267.exe
        8⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        8⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7974.exe
        7⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8173.exe
        7⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
        7⤵
        
        PID:17112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10618.exe
        7⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe
        6⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        7⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe
        7⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40410.exe
        6⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16690.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
        6⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        6⤵
        
        PID:18292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51332.exe
        6⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        7⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 472
        8⤵
        Program crash
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39938.exe
        7⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        7⤵
        
        PID:16952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
        7⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe
        6⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61667.exe
        6⤵
        
        PID:17252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6534.exe
        6⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe
        5⤵
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33026.exe
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39748.exe
        6⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15522.exe
        5⤵
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        5⤵
        
        PID:14256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        5⤵
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3214.exe
        5⤵
        
        PID:7204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19162.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46184.exe
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
        7⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54267.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2302.exe
        7⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12250.exe
        6⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2021.exe
        6⤵
        
        PID:16888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
        6⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3713.exe
        6⤵
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3748.exe
        6⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27197.exe
        5⤵
        
        PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        5⤵
        
        PID:12920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37241.exe
        5⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        5⤵
        
        PID:18308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24869.exe
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8955.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
        6⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33026.exe
        6⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23220.exe
        6⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43962.exe
        5⤵
        
        PID:13460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        5⤵
        
        PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43667.exe
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        5⤵
        
        PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
        5⤵
        
        PID:16264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        5⤵
        
        PID:7036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
      4⤵
      PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe
      4⤵
      PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
      4⤵
      PID:17156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe
      4⤵
      PID:18316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31820.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63179.exe
        5⤵
        
        PID:6212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 624
        6⤵
        Program crash
        
        PID:8612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 648
        6⤵
        Program crash
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        5⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46711.exe
        5⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3801.exe
        5⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
        5⤵
        
        PID:17596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36598.exe
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49360.exe
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        6⤵
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
        6⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        6⤵
        
        PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56223.exe
        5⤵
        
        PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31437.exe
        5⤵
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
        5⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
        5⤵
        
        PID:10340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
      4⤵
      PID:7932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34973.exe
      4⤵
      PID:12164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54775.exe
      4⤵
      PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32957.exe
      4⤵
      PID:7820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6111.exe
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7175.exe
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
        6⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        6⤵
        
        PID:15324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12887.exe
        6⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11682.exe
        5⤵
        
        PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
        5⤵
        
        PID:13600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
        5⤵
        
        PID:6264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
      4⤵
      PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
      4⤵
      PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36431.exe
      4⤵
      PID:12228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
      4⤵
      PID:16812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41649.exe
      4⤵
      PID:18204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47534.exe
    3⤵
    PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9007.exe
        5⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24422.exe
        5⤵
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        5⤵
        
        PID:15220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe
        5⤵
        
        PID:8380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56983.exe
      4⤵
      PID:8924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
      4⤵
      PID:12768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
      4⤵
      PID:16408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11622.exe
      4⤵
      PID:7032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
    3⤵
    PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59856.exe
      4⤵
      PID:10444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
      4⤵
      PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
      4⤵
      PID:4040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
    3⤵
    PID:9872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38529.exe
    3⤵
    PID:14176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
    3⤵
    PID:6192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20476.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61072.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3667.exe
        7⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
        8⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        8⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        8⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
        7⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        7⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        7⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
        6⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
        7⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3966.exe
        7⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
        7⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
        7⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
        6⤵
        
        PID:10396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        6⤵
        
        PID:14452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        6⤵
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
        6⤵
        
        PID:16888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56739.exe
        6⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        5⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15700.exe
        6⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
        6⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44792.exe
        6⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62358.exe
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15086.exe
        5⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35162.exe
        5⤵
        
        PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12529.exe
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        6⤵
        
        PID:16472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
        6⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46275.exe
        5⤵
        
        PID:9428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
        5⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
        5⤵
        
        PID:16564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36991.exe
        5⤵
        
        PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44124.exe
        5⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11786.exe
        5⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
        5⤵
        
        PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
      4⤵
      PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
      4⤵
      PID:10908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
      4⤵
      PID:15272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
      4⤵
      PID:17448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7766.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50552.exe
        7⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24807.exe
        7⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        6⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        6⤵
        
        PID:14384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        6⤵
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        5⤵
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        5⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16909.exe
        5⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31459.exe
        5⤵
        
        PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65187.exe
      4⤵
      PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        5⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60520.exe
        6⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        6⤵
        
        PID:13356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
        6⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
        5⤵
        
        PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14438.exe
        5⤵
        
        PID:15764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
        5⤵
        
        PID:17612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
      4⤵
      PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22451.exe
      4⤵
      PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45114.exe
      4⤵
      PID:14984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe
      4⤵
      PID:8552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62027.exe
      4⤵
      PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14627.exe
        5⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        6⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14053.exe
        6⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
        6⤵
        
        PID:18272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33934.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
        5⤵
        
        PID:17284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        5⤵
        
        PID:18360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42706.exe
      4⤵
      PID:9160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55263.exe
      4⤵
      PID:13192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-101.exe
      4⤵
      PID:16964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
      4⤵
      PID:4512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
    3⤵
    PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37108.exe
      4⤵
      PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        5⤵
        
        PID:10612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        5⤵
        
        PID:15856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
        5⤵
        
        PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
      4⤵
      PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
      4⤵
      PID:14272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
      4⤵
      PID:5756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34145.exe
    3⤵
    PID:8116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
    3⤵
    PID:10760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49920.exe
    3⤵
    PID:15212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
    3⤵
    PID:8568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27736.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8955.exe
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
        7⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
        7⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48770.exe
        6⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
        6⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
        5⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5883.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17701.exe
        6⤵
        
        PID:15476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        6⤵
        
        PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24457.exe
        5⤵
        
        PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57531.exe
        5⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        5⤵
        
        PID:17268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
        5⤵
        
        PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        5⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
        6⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
        6⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        5⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
        5⤵
        
        PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33909.exe
      4⤵
      PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        5⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33026.exe
        5⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23220.exe
        5⤵
        
        PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
      4⤵
      PID:9836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
      4⤵
      PID:13800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59090.exe
      4⤵
      PID:5608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11658.exe
    3⤵
    PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29812.exe
      4⤵
      PID:8444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
      4⤵
      PID:12136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
      4⤵
      PID:16236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
      4⤵
      PID:17460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
    3⤵
    PID:8468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
    3⤵
    PID:11920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
    3⤵
    PID:16256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22526.exe
    3⤵
    PID:6168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
    3⤵
    PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-595.exe
      4⤵
      PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
        5⤵
        
        PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46762.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
        5⤵
        
        PID:388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
      4⤵
      PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
      4⤵
      PID:11464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
      4⤵
      PID:15340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
      4⤵
      PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
      4⤵
      PID:10932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
    3⤵
    PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
      4⤵
      PID:9828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
      4⤵
      PID:13660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
      4⤵
      PID:2796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8750.exe
    3⤵
    PID:8680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
    3⤵
    PID:10148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33726.exe
    3⤵
    PID:16868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
    3⤵
    PID:9632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47386.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47386.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
    3⤵
    PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
      4⤵
      PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
        5⤵
        
        PID:9288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        5⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59620.exe
        5⤵
        
        PID:9372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
      4⤵
      PID:10584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
      4⤵
      PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
      4⤵
      PID:3684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
    3⤵
    PID:7396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22524.exe
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
      4⤵
      PID:16128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
      4⤵
      PID:18224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41947.exe
    3⤵
    PID:11196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
    3⤵
    PID:15236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
    3⤵
    PID:18072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
  2⤵
  PID:6104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
    3⤵
    PID:7120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7915.exe
      4⤵
      PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43654.exe
      4⤵
      PID:16304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
      4⤵
      PID:7104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
    3⤵
    PID:10960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49695.exe
    3⤵
    PID:15080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
  2⤵
  PID:7636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53312.exe
    3⤵
    PID:10248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41770.exe
    3⤵
    PID:14536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
    3⤵
    PID:5844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
  2⤵
  PID:10948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18894.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18894.exe
  2⤵
  PID:15256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
  2⤵
  PID:16388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
  2⤵
  PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 6212 -ip 6212
1⤵
PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 8932 -ip 8932
1⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 6212 -ip 6212
1⤵
PID:10680

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:8016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe

Filesize
468KB

MD5
f0043b668d4dc1a2ee2979f31a298ea2

SHA1
5f4a374b6c368eccd3cfc01f21786cdb083a3492

SHA256
f90ed3d4f7a71c630dbac91f71613ac8a6f3d3c294506ccbeac6a458395155e0

SHA512
fff1a6306fe24f3c2d71005cdc85e926f496a709618609f6eb4a1459cca06ef2757f04951f87d564ea11c0c8c9f5a732d36ecc3f51d6f58f8e29494e8dc5c5dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe

Filesize
468KB

MD5
62820f119e311bdae8302faf52bd8043

SHA1
8ad0b6c3b4f841940cf9d4a82951e344204c7f3e

SHA256
415d8571233b714216b07c7d4275ae144483a676b0278040e9c0ac39400783ca

SHA512
a3e4094bb022cede2287ac8606d2ed129834bb4ba34ecc32bca3f2b015ac39832b171a0826230176325d6223fe3346050cce18a526ebc1fa7f5b3b3492ceb740

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe

Filesize
468KB

MD5
2e16277d729b875930a5fde1dbc0a2ab

SHA1
fcd1005c1768718ea9ed1f49c8e03081afc13963

SHA256
2bc65c7ded2b502a8b4978fcc5062620f2eb092388cf0e3f1506f647b9110e71

SHA512
68319471acaa375a1ce13a758a874152f4435abf2978bc2a1aba3325e49fc72f0122ab074776c441712b88ce5e2417aea822adc9e83f846e1ab1cabf527f793f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe

Filesize
468KB

MD5
966c8c9aef5c172d2b969823b0972e71

SHA1
83bf5d6cb7437362ea1ab677a2dcecf0efae6a79

SHA256
07e3170a236b10b877eb499365b32c39911c66be7141c00b81f4a1d229282e26

SHA512
1889a44ca8c08a20c8da33e4a942117eb5a03f74c852398879da44fa6ce6401692df92a5a1f6988dd698503cc43e0ff806f86b62feab7ff07df6ed670d168385

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe

Filesize
468KB

MD5
2d8f51fd538f8ce5d8cc5f80b265efe6

SHA1
70f48f455dbb41e4fbde7d933218d688fe6e4860

SHA256
f80aef7b26deb5ef335fa1ca73b406e839f9f9f318b1ed5a1886631e7c949a3c

SHA512
fc3512eb3a4fd76157edcaa0cac6f9eb1accfb7de9cc9ce921a4b9d9528d33f2927d9e8742a2aebdaf38489588acff7ceb60403753e1a29633d4bf200e56cff8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe

Filesize
468KB

MD5
fc7d1390e240dcc79a482feb43edbe2c

SHA1
dd8aa16248c3f97ddc3bffa09086129174600dcb

SHA256
173fe44a826505d43d912a60caefe7f880a452c46b5d8deea6030d114da4faee

SHA512
e6e12fe7f71c5da6128a9d8ce455a4699aaa57bef2491e5a2c5344d03f5db830971a472f9fa5c944134b5b1e208f3356bf8a529ac5b9c96719d466da8bb94f4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe

Filesize
468KB

MD5
4eaac59ffba74e41dc4e2e28499d38ab

SHA1
96f70e27fde33f24456ad3dd67ccfed993058a51

SHA256
721f2acc66ce82d027594c614be36e4f07240795db714abe2777b210ff02b9b1

SHA512
374ab8317d3cd1976a7e320330b7eb43c37781ac0685838b81b6317513acc44dd02991ac7353e70edd9ee8e4f5f0be8258dd752b88388d469c73c9e50629b1c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe

Filesize
468KB

MD5
e477a293ee931e58b3e18d647f644d9d

SHA1
5e883d73279c8b5a8db54a37dd521b0ffd306d73

SHA256
cd1b7cae20aa615f2465c0d238e11b9cc0392edacf2c7f59e87064166a73944a

SHA512
d6727ce6130bc3bed3f2530f17d09cc46a51b444ad98870de83e9f569e931f164e4807eca9e5cc2f9a0e8c317469eb978e5b84360abeca31d43b25cf254c3d56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe

Filesize
468KB

MD5
6968a521b65f912d35c0345d3abe3d69

SHA1
c00d6145bb532f357fd9d7e8713b27d02cfac929

SHA256
9530c599eef73e6a226f1c03b4f2a783ac5e1c783e21c9bde07210f85a17b389

SHA512
83b9e60064b9ec718c8de61052e32c6387c9f4283584e00c48c38b8c4de251ce457c63fb346e563d1a58f7f912d63284401b21ced11c07ee5a702b215ae845b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20476.exe

Filesize
468KB

MD5
baa5060ac0b3857504e8fe6cdc274bce

SHA1
72780d2b437b28765dc246c667f2044db057522e

SHA256
06fb67abf3243eae3b8de6d8e9346609740d0d312fb0b63cce0e8d26f69e7fc9

SHA512
f32aec3e1da0d6ef88dbb284bc6078efcbc791f71155fd9e4a50591ba8826cf6eac6bf48d71550eb25d8acc274bb48120aeb9e3b8d7dbbfe565396c6cfd806df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe

Filesize
468KB

MD5
d8d43c8e7687991b6992a5cdb65bf574

SHA1
1a8a7bf97c36f707234bca5699db38923a1acb06

SHA256
38e96316341e4472963803deb25cf23520fd5dad14f575a955895e410b75a980

SHA512
98d84548c4362d2620ec25ccfebc83699bbee04a743a84a88a8ffba49d54487ef466e9d6b071435eb0d57a92512ce571ea5e9bdea4b3a01e17f2f6b31112e076

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe

Filesize
468KB

MD5
c027ef7de7654db19c6a31cf8fc72a77

SHA1
68d4143f1912c501bdcdd9f62ff87ed1d184a188

SHA256
0cc18d1e6ed53152236d80a06a1c139493c3e5517f53a7e6305831988d6dbc2b

SHA512
c0cc9d52cc40af5f086ccd93b0f338e4211fbfe3036e58eb419cd414e2104c6446afc036ee32e21c4833d38d29388d43d0370ef85d6ee35f27409d92798d37ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe

Filesize
468KB

MD5
a4ecf13e9269f08cc84abb413a157943

SHA1
ebcd41e10ecd48f44805c52a0fcc78e7ca4f4783

SHA256
812068c44617da5d0bca90cd39458b30223899c421afc507ef2bc9b2e2e5b95a

SHA512
93c9078dacab0d5510f68ea97d706fef924d210a57d79d8a4a83384442ca7d9792e293ed0a4782f563d674539c96a05148aec2f34f140ef815073b9d435c56c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe

Filesize
468KB

MD5
51a34b870d813f7ed8f643e8c365e349

SHA1
a8106598e408f7b8a625526a093854446d1018ae

SHA256
02e374c6fa7314144f6b97d9847a65b6f585811dbf2ddf277157b6bc1e331754

SHA512
3b0dc836a9c3eb2a4f50ee1af51afcb8e480d4c8dd26ccf3a0284accf3d1dc726a9f1898be6e79095d4dc4c55b9017cb5c55cb1bd3af91739a02358de4f5ec8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe

Filesize
468KB

MD5
596a6b01ca14cee298d9691f572313e7

SHA1
cf49c045ca3d4cf56064c7ff2296b1b9f2fff990

SHA256
827652085e942dae14e4cc875351815ba9f73235e4e22dab282fed39725720fa

SHA512
4647a8a52955e4f9a7b2b5ab2f2223923807462c1fea388a4db5b2508c3bb99370370f641de7e9a6c0a17059aeb33939b2db1f4ca3dd0c1427c5c98c4e843031

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40460.exe

Filesize
468KB

MD5
4b70c4d6377c2f33759f2647fdce8deb

SHA1
4e5dc98d7977523819b91003cc094e69b8f58f0b

SHA256
76752dd313f725915acc5aeccebbb1fc3e51484ed3f9f132608cb03c0e84edf2

SHA512
eb4059c30d08df32990bc0a629f16067f4da8312a63f215d17600c4f4b3b4c41c08133a8c91ec0daf9ec9b37dde1394d6179bb9bddc255e554c8e97f68dbef3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe

Filesize
468KB

MD5
57e296b95de59f7443d9de8ab50ba291

SHA1
649acc12229a2383bbbbd55e1386ed4afe5cad3f

SHA256
75fdcae1d73ee1e31910dd56b8a3090b8a757a119e8c61049941a78becc0ba19

SHA512
feeba0b9988235b90775f83baac05870689d2b98f72a603a40b01e263856759b6e9036a662078ff7e2596b0e683929fdab09ff060f87e429a9f6f083f073c307

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe

Filesize
468KB

MD5
4c1d35396d4f2a81a5a7410fb7f99f1c

SHA1
39eca3174d634dc82eff4d4c3521ed1d2fd5dba4

SHA256
aa56d422bb3feeb330e1401d08662de7d849fbd520c394f0296a01a113f99128

SHA512
4a77d39956f00ef8310ed1256c82f00572429b588eee184734537b38051454f78d45d018b49736d3f27a2dcc78423f4ff07ca87f50a942452a826e0409e8ac8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe

Filesize
468KB

MD5
edeaaf197e7047eb138dd1eeb281a5b5

SHA1
9a478a660aea01eb2a6c24909fe2c2f21641b0ba

SHA256
35eed9c8114b3d0c7a893167ec2b63c8ab00899e2836b93477738f48aa5f88f9

SHA512
de3d4a8d37a35aaa225db041ddc90aa06c93e43b3fbd9c10495ec85c99ee65e8f459cbff6e2cfff9af99ef095284a5aa35ab6886c8baa0bbcdc59d1dfe74dca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe

Filesize
468KB

MD5
a8d603c087e1d36a106a7f3ca0059705

SHA1
0d5b9cb00c98360adfbaf9f084b287b51eec1186

SHA256
34d9e23e9a0f50d156eb1052bb74a443a776b8f6d40c2067b2e0634ae83b90ab

SHA512
f12b129fd770af5613c3b1ecc4d20fe77dfdcde8d2e0343b58e03c2d60188a0fe475aa5115fa560ab0b30733ba80f63719a4c67a3b27e2ad4cac9f225f530d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5270.exe

Filesize
468KB

MD5
bb58aed0bec9d192d99afee7d22192e8

SHA1
6c485e49753c6101a73d852cb060db4a72320450

SHA256
25e2ef6f5b2cc27102efab48d0455b83cda47361661fcf268d339763a7e53b32

SHA512
bf364955a1c4f6090b3417250f9a086e03cf0b97a3e9ef60019e51f08e37e97d844f4c561286028784b232579508c89fef6dc8c4123c1c8308d5a9826912a9a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe

Filesize
468KB

MD5
86d191bdfa1c22034b4ae7dcae53d68e

SHA1
6f01b92574917a37a9c9eb8a3136637f2eef4149

SHA256
a2c1851150b7da5c331244e9894cfdf5aebe59fcdb480cfb1a4e20650f47f75f

SHA512
b365384302fd49ffcdf89c0ca49cfd091f15541bc220b4f509dbf26a5945c34e8d8311a3617ded25fcf9e9b65e7ca36316c0addc81024c867d5d2eda1374de8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe

Filesize
468KB

MD5
cc10d3f5007e063805b06e959aa61d89

SHA1
9aee5cf043c0bd0d712c7219cc1e5a1a44d1db5f

SHA256
1ea8502bcad05d4baa78178e8b71c810a38765dd841fbaaabc6ef862b76b9f43

SHA512
3eb06a913adad9aa5de771672f9451410df19cb63112483991f2b74f3b8e5457bfc7286839f542f73b444e6fe49bece51d179ea8953d9afaa3ca88ff84b39531

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe

Filesize
468KB

MD5
a4d7790e39ae4904649ec411d39527e0

SHA1
1ef5ca3b413630e3879102c1587198cad2b587e6

SHA256
1d88563cb3a6a62496c1e343a6146ab7e8e89e72a8c6febc0ba9f86734863524

SHA512
a20ef99827f5c4c4bf4bb5cafbe32a65896ff0970e7b2de92a4e675088ea19c3e408fd1d452824d12b40999fca25143de089951e43bfa9c4d0554f442f88ccd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61072.exe

Filesize
468KB

MD5
265697388727c53c5a58eeed1c991661

SHA1
40eb9742c197559f1d08116d78861ded6f68769a

SHA256
2b54fb90ee1a2badfb37c49b7b90e31ca7c4d31fd644c077cdb6c1ebd88445d5

SHA512
7632231f4215f939407b6422a490e06e47bd7acb34c2a5079827c2306acdb8d546609bf9e96936f3105fad6f8b0c4f80d588f05aa87c01686fb120f64154ef55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe

Filesize
468KB

MD5
9f155ddbe68aaae915b13b696eb4ea11

SHA1
d8b369e98b0709c8806cd16fa453c96ee795bdfb

SHA256
d6373f805db2e995956a42bce6af5d4fae73877ca7186cfb083dbbe65da8151c

SHA512
0cf6c044f6d53f5a4757a35c65d8c876f794cddc102ed0c2c7edc164e4ef90b92b91753ec02c2e43a5d0a3a8125b8e6070f3d4ccfbf0650405ee1fb28aa2c6d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe

Filesize
468KB

MD5
5ac9261f1ef214d508792bac2054b8c7

SHA1
f43b57ebfd40b281e7b0f678b90aa7fa1c0569bf

SHA256
78825afb56716ef19041495be2be00cbb5d42c00fc1e51b84a7525a88ac1e32a

SHA512
ef39b5f94595ebaa605932e0e1735c7f3c774cfbb81707e83e7c89522475301bca9c0412808ba6a2e47e82f8e6268de80d8be66cd171683965676129f72ac6f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe

Filesize
468KB

MD5
7018bb9cbb45776e4b828aa7142e9495

SHA1
0e3b21b4e582100b3c3cca95573fad76a1a032a4

SHA256
c9f6f8d0fe8c293c284cc446427a5fe38de29e2bea78328c8a4f0b2fd5fa758b

SHA512
42e352ed19fbcb2eab257381b799f5ff2e54cc338492a5ff1504df8ea2265e3aeaeb7fdb0fcf5dea2d276f989999e56190baaf6c1755533b40058564cf713e2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7766.exe

Filesize
468KB

MD5
68002fda419ba7105c2b51e4aafb85c0

SHA1
76621c209e2bbf9c4f1b86b0b7242fa8c148aea5

SHA256
2827dfa5b14ae0ee69d573d40e4437a1dc4aafae3d40c7c596d34ebc6ebf6c65

SHA512
3ccbda29d79a891e47a07baddf52de370cfa7c8c122aaa3b470c6869c37797ee4c5b9d2aa722429023d3e3165d14c44b4211fdbdbdd9946d18811d998a0e626d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe

Filesize
468KB

MD5
f6dd93338248ec77527f138ba4da5f2f

SHA1
7fab1f7dfab6fe1d18a71ba1c599b0c4e4f700a6

SHA256
a22921dacad112876b69ad7bd87297486e34c3621838453d4384d08f57be4225

SHA512
16aa9ca6b03440ef5f928b864cbcc05b86d859132ca65b018d33e44498cd555f8ed20f021e83468be65de5d7bb3324e223f1d2c131f055afda43bee3e8bff56f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8607.exe

Filesize
468KB

MD5
ba53b9ef895fc58b395b34f842c2e890

SHA1
41f9e62e0d2efe842f32e086b2c2e1dd803327f9

SHA256
48ab0a36fd8a28ff2fbd90cdf30748c437707a2c39f7e8b7d159db472fec5a3a

SHA512
fcf893b3f4f6b44ce95c33f1a21a6d86a9fb1ac0ed904964565e67bbdf22233445d4b71d8bb99968f62beb2c4992d05e4b5d3dded08d9d1c1bd65930eefc5f8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe

Filesize
468KB

MD5
22ad543962f2fa6a8927cbf613ccfe01

SHA1
cf1c80b1899b1576bfedc13873d261dd29496fd6

SHA256
2c1263ffe71bcf7c078c9629c6c2f272eb9a709ca6cb6452466510e45cfddefa

SHA512
0f47cf2805dc4d9786aa8c22c3796aa03e8e73771441d9ee3c04b7077753d60e8c3deff61a0efebf2c392984ba022afaaf3115c75abf27a1183fc07abca06392

Download Submit
memory/3512-3926-0x00007FFA37890000-0x00007FFA37A85000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads