36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2024, 20:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674.exe
Size

184KB
MD5

73aa72d22b90b5ea040c3aaff9a74a63
SHA1

e6485cfa23a215ce93dbc7ca1345e280784edd1e
SHA256

36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674
SHA512

73e8629f2cec93ea21216b16431550423f59da4315d44b4131343cfb87098bd7366fcf60cde4222461d3d4d29b9910fcfb50b7dfb5cebc2bbf4bd383a4cda006
SSDEEP

3072:vjsVJZoPmLA0Kd4iaspoQQh7snvnqn0iuw:vjaoeG4iCQs7snPqn0iu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4448	Unicorn-40451.exe
2696	Unicorn-16907.exe
2916	Unicorn-62578.exe
2068	Unicorn-50731.exe
368	Unicorn-26781.exe
3864	Unicorn-40517.exe
3368	Unicorn-32017.exe
968	Unicorn-1404.exe
640	Unicorn-7534.exe
5100	Unicorn-36123.exe
3360	Unicorn-12173.exe
4868	Unicorn-31774.exe
3820	Unicorn-39413.exe
3404	Unicorn-29198.exe
2808	Unicorn-17409.exe
400	Unicorn-47389.exe
3136	Unicorn-23439.exe
4792	Unicorn-6356.exe
4360	Unicorn-32734.exe
3912	Unicorn-28915.exe
924	Unicorn-53511.exe
4860	Unicorn-22693.exe
2568	Unicorn-49335.exe
5040	Unicorn-40405.exe
4784	Unicorn-25385.exe
3996	Unicorn-36445.exe
2508	Unicorn-32361.exe
4028	Unicorn-12495.exe
2628	Unicorn-25874.exe
3740	Unicorn-36345.exe
4068	Unicorn-11748.exe
5048	Unicorn-55303.exe
4724	Unicorn-62080.exe
2308	Unicorn-10186.exe
2340	Unicorn-61425.exe
8	Unicorn-22439.exe
3644	Unicorn-29215.exe
2724	Unicorn-8048.exe
772	Unicorn-60571.exe
2952	Unicorn-28469.exe
2944	Unicorn-28469.exe
1436	Unicorn-54846.exe
636	Unicorn-31161.exe
3468	Unicorn-51027.exe
3048	Unicorn-16217.exe
2896	Unicorn-44805.exe
1384	Unicorn-19339.exe
1440	Unicorn-9994.exe
4972	Unicorn-34590.exe
2440	Unicorn-20855.exe
3648	Unicorn-24939.exe
216	Unicorn-2594.exe
2588	Unicorn-33321.exe
2608	Unicorn-42043.exe
3536	Unicorn-7233.exe
1812	Unicorn-49657.exe
3632	Unicorn-49657.exe
4328	Unicorn-5916.exe
716	Unicorn-39351.exe
4604	Unicorn-35267.exe
2468	Unicorn-37305.exe
2204	Unicorn-46128.exe
4756	Unicorn-35002.exe
4688	Unicorn-19507.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
5484	772	WerFault.exe	135
6604	5584	WerFault.exe	183
19348	2984	WerFault.exe	1005

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16216	dwm.exe
Token: SeChangeNotifyPrivilege	16216	dwm.exe
Token: 33	16216	dwm.exe
Token: SeIncBasePriorityPrivilege	16216	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2420	36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674.exe
4448	Unicorn-40451.exe
2696	Unicorn-16907.exe
2916	Unicorn-62578.exe
368	Unicorn-26781.exe
2068	Unicorn-50731.exe
3864	Unicorn-40517.exe
3368	Unicorn-32017.exe
640	Unicorn-7534.exe
968	Unicorn-1404.exe
3360	Unicorn-12173.exe
4868	Unicorn-31774.exe
5100	Unicorn-36123.exe
3820	Unicorn-39413.exe
3404	Unicorn-29198.exe
2808	Unicorn-17409.exe
400	Unicorn-47389.exe
3136	Unicorn-23439.exe
4792	Unicorn-6356.exe
924	Unicorn-53511.exe
4360	Unicorn-32734.exe
3912	Unicorn-28915.exe
4860	Unicorn-22693.exe
5040	Unicorn-40405.exe
2568	Unicorn-49335.exe
4784	Unicorn-25385.exe
2508	Unicorn-32361.exe
3996	Unicorn-36445.exe
4028	Unicorn-12495.exe
2628	Unicorn-25874.exe
3740	Unicorn-36345.exe
4068	Unicorn-11748.exe
5048	Unicorn-55303.exe
4724	Unicorn-62080.exe
2308	Unicorn-10186.exe
2340	Unicorn-61425.exe
8	Unicorn-22439.exe
3644	Unicorn-29215.exe
2944	Unicorn-28469.exe
2724	Unicorn-8048.exe
2952	Unicorn-28469.exe
772	Unicorn-60571.exe
3468	Unicorn-51027.exe
1436	Unicorn-54846.exe
636	Unicorn-31161.exe
2896	Unicorn-44805.exe
3048	Unicorn-16217.exe
1440	Unicorn-9994.exe
2440	Unicorn-20855.exe
4972	Unicorn-34590.exe
3648	Unicorn-24939.exe
1384	Unicorn-19339.exe
216	Unicorn-2594.exe
2588	Unicorn-33321.exe
2608	Unicorn-42043.exe
3536	Unicorn-7233.exe
3632	Unicorn-49657.exe
4328	Unicorn-5916.exe
1812	Unicorn-49657.exe
716	Unicorn-39351.exe
2204	Unicorn-46128.exe
4604	Unicorn-35267.exe
4756	Unicorn-35002.exe
2468	Unicorn-37305.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 4448	2420	36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674.exe	91
PID 2420 wrote to memory of 4448	2420	36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674.exe	91
PID 2420 wrote to memory of 4448	2420	36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674.exe	91
PID 4448 wrote to memory of 2696	4448	Unicorn-40451.exe	95
PID 4448 wrote to memory of 2696	4448	Unicorn-40451.exe	95
PID 4448 wrote to memory of 2696	4448	Unicorn-40451.exe	95
PID 2420 wrote to memory of 2916	2420	36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674.exe	96
PID 2420 wrote to memory of 2916	2420	36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674.exe	96
PID 2420 wrote to memory of 2916	2420	36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674.exe	96
PID 2696 wrote to memory of 2068	2696	Unicorn-16907.exe	98
PID 2696 wrote to memory of 2068	2696	Unicorn-16907.exe	98
PID 2696 wrote to memory of 2068	2696	Unicorn-16907.exe	98
PID 4448 wrote to memory of 368	4448	Unicorn-40451.exe	99
PID 4448 wrote to memory of 368	4448	Unicorn-40451.exe	99
PID 4448 wrote to memory of 368	4448	Unicorn-40451.exe	99
PID 2420 wrote to memory of 3864	2420	36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674.exe	100
PID 2420 wrote to memory of 3864	2420	36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674.exe	100
PID 2420 wrote to memory of 3864	2420	36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674.exe	100
PID 2916 wrote to memory of 3368	2916	Unicorn-62578.exe	103
PID 2916 wrote to memory of 3368	2916	Unicorn-62578.exe	103
PID 2916 wrote to memory of 3368	2916	Unicorn-62578.exe	103
PID 4448 wrote to memory of 968	4448	Unicorn-40451.exe	104
PID 4448 wrote to memory of 968	4448	Unicorn-40451.exe	104
PID 4448 wrote to memory of 968	4448	Unicorn-40451.exe	104
PID 368 wrote to memory of 640	368	Unicorn-26781.exe	105
PID 368 wrote to memory of 640	368	Unicorn-26781.exe	105
PID 368 wrote to memory of 640	368	Unicorn-26781.exe	105
PID 3864 wrote to memory of 5100	3864	Unicorn-40517.exe	106
PID 3864 wrote to memory of 5100	3864	Unicorn-40517.exe	106
PID 3864 wrote to memory of 5100	3864	Unicorn-40517.exe	106
PID 2696 wrote to memory of 3360	2696	Unicorn-16907.exe	108
PID 2696 wrote to memory of 3360	2696	Unicorn-16907.exe	108
PID 2696 wrote to memory of 3360	2696	Unicorn-16907.exe	108
PID 2420 wrote to memory of 4868	2420	36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674.exe	107
PID 2420 wrote to memory of 4868	2420	36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674.exe	107
PID 2420 wrote to memory of 4868	2420	36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674.exe	107
PID 3368 wrote to memory of 3820	3368	Unicorn-32017.exe	109
PID 3368 wrote to memory of 3820	3368	Unicorn-32017.exe	109
PID 3368 wrote to memory of 3820	3368	Unicorn-32017.exe	109
PID 2916 wrote to memory of 3404	2916	Unicorn-62578.exe	110
PID 2916 wrote to memory of 3404	2916	Unicorn-62578.exe	110
PID 2916 wrote to memory of 3404	2916	Unicorn-62578.exe	110
PID 2068 wrote to memory of 2808	2068	Unicorn-50731.exe	111
PID 2068 wrote to memory of 2808	2068	Unicorn-50731.exe	111
PID 2068 wrote to memory of 2808	2068	Unicorn-50731.exe	111
PID 640 wrote to memory of 400	640	Unicorn-7534.exe	112
PID 640 wrote to memory of 400	640	Unicorn-7534.exe	112
PID 640 wrote to memory of 400	640	Unicorn-7534.exe	112
PID 368 wrote to memory of 3136	368	Unicorn-26781.exe	113
PID 368 wrote to memory of 3136	368	Unicorn-26781.exe	113
PID 368 wrote to memory of 3136	368	Unicorn-26781.exe	113
PID 968 wrote to memory of 4792	968	Unicorn-1404.exe	114
PID 968 wrote to memory of 4792	968	Unicorn-1404.exe	114
PID 968 wrote to memory of 4792	968	Unicorn-1404.exe	114
PID 4448 wrote to memory of 4360	4448	Unicorn-40451.exe	115
PID 4448 wrote to memory of 4360	4448	Unicorn-40451.exe	115
PID 4448 wrote to memory of 4360	4448	Unicorn-40451.exe	115
PID 3360 wrote to memory of 3912	3360	Unicorn-12173.exe	116
PID 3360 wrote to memory of 3912	3360	Unicorn-12173.exe	116
PID 3360 wrote to memory of 3912	3360	Unicorn-12173.exe	116
PID 2696 wrote to memory of 924	2696	Unicorn-16907.exe	117
PID 2696 wrote to memory of 924	2696	Unicorn-16907.exe	117
PID 2696 wrote to memory of 924	2696	Unicorn-16907.exe	117
PID 4868 wrote to memory of 4860	4868	Unicorn-31774.exe	118

C:\Users\Admin\AppData\Local\Temp\36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674.exe
"C:\Users\Admin\AppData\Local\Temp\36a6fd65ec8e6d5ff1c495c1439149cfe20f0f2dfe40cacb913d9c216b3e2674.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40451.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40451.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16907.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35267.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        8⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32693.exe
        9⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        10⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        10⤵
        
        PID:16048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3038.exe
        10⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
        9⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42287.exe
        9⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
        9⤵
        
        PID:18336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50544.exe
        8⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        9⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        9⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        9⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        8⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        8⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        8⤵
        
        PID:18488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34041.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        8⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55002.exe
        8⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        8⤵
        
        PID:15920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
        7⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
        7⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
        7⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        7⤵
        
        PID:18584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46128.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8188.exe
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        9⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7005.exe
        9⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51750.exe
        9⤵
        
        PID:16744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        9⤵
        
        PID:18448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        9⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58048.exe
        8⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
        8⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        8⤵
        
        PID:17212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19619.exe
        8⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
        7⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
        8⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21369.exe
        7⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
        7⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55305.exe
        7⤵
        
        PID:19288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
        7⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27164.exe
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        7⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
        7⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
        7⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
        7⤵
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62682.exe
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        6⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
        6⤵
        
        PID:18340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
        6⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36345.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39351.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
        7⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        8⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        9⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10770.exe
        9⤵
        
        PID:15560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34095.exe
        9⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
        8⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        8⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1935.exe
        8⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19817.exe
        7⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28049.exe
        8⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        8⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        8⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        7⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        7⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        7⤵
        
        PID:19148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        7⤵
        
        PID:19152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        7⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
        8⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21919.exe
        8⤵
        
        PID:15652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        7⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        7⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53558.exe
        7⤵
        
        PID:19116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        6⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21919.exe
        7⤵
        
        PID:15668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
        6⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        6⤵
        
        PID:19280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62075.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        7⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42195.exe
        8⤵
        
        PID:14516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
        8⤵
        
        PID:18840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        7⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
        7⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22831.exe
        7⤵
        
        PID:19360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23901.exe
        6⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        6⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
        6⤵
        
        PID:14544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        6⤵
        
        PID:18592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
        6⤵
        
        PID:11604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        6⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41565.exe
        5⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35959.exe
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        5⤵
        
        PID:16736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
        8⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49802.exe
        8⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
        8⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
        8⤵
        
        PID:19104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55038.exe
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        8⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        8⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        8⤵
        
        PID:16520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        7⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        7⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64684.exe
        7⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        7⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51935.exe
        8⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
        8⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
        8⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        8⤵
        
        PID:18404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        8⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7410.exe
        8⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10770.exe
        8⤵
        
        PID:16464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-190.exe
        7⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
        7⤵
        
        PID:15140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        7⤵
        
        PID:18932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3236.exe
        6⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
        7⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
        7⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42772.exe
        7⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe
        6⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7793.exe
        6⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29802.exe
        6⤵
        
        PID:17984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31161.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27841.exe
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8868.exe
        8⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13393.exe
        8⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9103.exe
        8⤵
        
        PID:19272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14854.exe
        8⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42287.exe
        7⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-273.exe
        7⤵
        
        PID:19024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
        6⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        7⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        7⤵
        
        PID:16536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
        7⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        6⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64684.exe
        6⤵
        
        PID:17016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
        6⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5578.exe
        7⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41623.exe
        7⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        7⤵
        
        PID:17056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
        7⤵
        
        PID:19168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42287.exe
        6⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27128.exe
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20230.exe
        6⤵
        
        PID:18040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        5⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
        5⤵
        
        PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe
        5⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29153.exe
        5⤵
        
        PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10881.exe
        7⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
        8⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54400.exe
        8⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
        8⤵
        
        PID:19424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
        8⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16400.exe
        8⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34424.exe
        7⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe
        7⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
        7⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        7⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        7⤵
        
        PID:16504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
        6⤵
        
        PID:13452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        6⤵
        
        PID:16452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19446.exe
        6⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        6⤵
        
        PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52153.exe
        6⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        8⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
        8⤵
        
        PID:17308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
        8⤵
        
        PID:19312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
        7⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        7⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
        7⤵
        
        PID:17916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37028.exe
        7⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
        7⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        6⤵
        
        PID:10812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
        6⤵
        
        PID:15108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        6⤵
        
        PID:18912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8868.exe
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32364.exe
        6⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4854.exe
        6⤵
        
        PID:18972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        5⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16352.exe
        5⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
        5⤵
        
        PID:17388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        5⤵
        
        PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54846.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46917.exe
        5⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        6⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe
        7⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        7⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        7⤵
        
        PID:17224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        6⤵
        
        PID:13088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29219.exe
        6⤵
        
        PID:17292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        6⤵
        
        PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        5⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        5⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
        5⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63665.exe
        5⤵
        
        PID:19220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
        5⤵
        
        PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
      4⤵
      PID:5584
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 632
        5⤵
        Program crash
        
        PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
      4⤵
      PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3950.exe
      4⤵
      PID:7588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
      4⤵
      PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46874.exe
      4⤵
      PID:17860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26072.exe
      4⤵
      PID:4580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7534.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19507.exe
        7⤵
        Executes dropped EXE
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55853.exe
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8956.exe
        9⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
        9⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58431.exe
        9⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
        9⤵
        
        PID:17964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
        8⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59470.exe
        8⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55172.exe
        8⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
        8⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
        8⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        7⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        7⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64684.exe
        7⤵
        
        PID:17028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
        6⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14820.exe
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        8⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
        8⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        8⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        8⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
        7⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
        7⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        7⤵
        
        PID:17152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        6⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32631.exe
        7⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        7⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
        7⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
        7⤵
        
        PID:18960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        6⤵
        
        PID:12568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
        6⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        6⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
        6⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33295.exe
        7⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        8⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
        8⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
        7⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11010.exe
        7⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
        7⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64980.exe
        7⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
        6⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        8⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21919.exe
        8⤵
        
        PID:15596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
        8⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
        7⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39257.exe
        7⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
        6⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4047.exe
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59064.exe
        6⤵
        
        PID:16848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42222.exe
        6⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
        5⤵
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        6⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        7⤵
        
        PID:16284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
        6⤵
        
        PID:11676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        6⤵
        
        PID:16116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
        6⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54017.exe
        5⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22977.exe
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65214.exe
        5⤵
        
        PID:16480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44344.exe
        5⤵
        
        PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48095.exe
        6⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        8⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22686.exe
        9⤵
        
        PID:16208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47806.exe
        9⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
        8⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        8⤵
        
        PID:16164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20790.exe
        8⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        7⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        7⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36557.exe
        7⤵
        
        PID:384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54270.exe
        6⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50046.exe
        7⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
        7⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe
        7⤵
        
        PID:18724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        6⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
        7⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
        7⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
        7⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41982.exe
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
        6⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55305.exe
        6⤵
        
        PID:19368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
        6⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        7⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63051.exe
        8⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        8⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
        7⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
        7⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
        7⤵
        
        PID:17588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
        6⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
        6⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
        6⤵
        
        PID:17392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        6⤵
        
        PID:19340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        6⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
        7⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        7⤵
        
        PID:18316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
        7⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
        6⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
        6⤵
        
        PID:15988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
        5⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        5⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
        5⤵
        
        PID:18064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
        5⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
        7⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        7⤵
        
        PID:16156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
        6⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
        6⤵
        
        PID:18324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39879.exe
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        6⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
        7⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        7⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        7⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        6⤵
        
        PID:11696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        6⤵
        
        PID:16148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14376.exe
        6⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        6⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60901.exe
        5⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        5⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64684.exe
        5⤵
        
        PID:15400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
      4⤵
      PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52153.exe
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
        6⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
        6⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        6⤵
        
        PID:18596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        5⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        5⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
        5⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        5⤵
        
        PID:19200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
        5⤵
        
        PID:996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
      4⤵
      PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        5⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49185.exe
        6⤵
        
        PID:14596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3536.exe
        6⤵
        
        PID:18704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
        6⤵
        
        PID:18508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        5⤵
        
        PID:12232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        5⤵
        
        PID:15808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        5⤵
        
        PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
      4⤵
      PID:7744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
      4⤵
      PID:13072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
      4⤵
      PID:16656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64877.exe
      4⤵
      PID:16148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
      4⤵
      PID:18804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
      4⤵
      PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
      4⤵
      PID:3512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22439.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:8
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23399.exe
        6⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
        7⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        8⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        9⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        9⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7698.exe
        9⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        9⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62197.exe
        9⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
        8⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
        8⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10901.exe
        8⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        7⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29219.exe
        7⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        7⤵
        
        PID:18472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
        7⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
        6⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45267.exe
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
        7⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
        7⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
        6⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        6⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38828.exe
        6⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59096.exe
        6⤵
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8193.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
        6⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-601.exe
        6⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        6⤵
        
        PID:14580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        6⤵
        
        PID:19064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2288.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        6⤵
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        6⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        6⤵
        
        PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
        5⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        5⤵
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe
        5⤵
        
        PID:17380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59096.exe
        5⤵
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41395.exe
        5⤵
        
        PID:16584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29215.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42449.exe
        5⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
        6⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
        7⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49792.exe
        7⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
        7⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58073.exe
        6⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29219.exe
        6⤵
        
        PID:17252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        6⤵
        
        PID:19088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        5⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12704.exe
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        5⤵
        
        PID:15368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13055.exe
        5⤵
        
        PID:19412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13760.exe
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        5⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe
        6⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14208.exe
        7⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14365.exe
        7⤵
        
        PID:18052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9495.exe
        7⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
        6⤵
        
        PID:10584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
        6⤵
        
        PID:14748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39089.exe
        6⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
        5⤵
        
        PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4623.exe
        5⤵
        
        PID:13136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20553.exe
        5⤵
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        5⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        5⤵
        
        PID:7500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
      4⤵
      PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
        5⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        5⤵
        
        PID:17232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        5⤵
        
        PID:16540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25236.exe
      4⤵
      PID:7764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38737.exe
      4⤵
      PID:13200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
      4⤵
      PID:17400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
      4⤵
      PID:18860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46917.exe
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        7⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64566.exe
        7⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52902.exe
        7⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
        7⤵
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
        6⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30371.exe
        6⤵
        
        PID:16500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        6⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
        6⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        6⤵
        
        PID:16172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18877.exe
        6⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19397.exe
        5⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        5⤵
        
        PID:17128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        5⤵
        
        PID:16300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
        6⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        7⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        7⤵
        
        PID:18420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
        7⤵
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
        6⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        5⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19754.exe
        5⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        5⤵
        
        PID:17176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
        5⤵
        
        PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
      4⤵
      PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        5⤵
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        5⤵
        
        PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        5⤵
        
        PID:16512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8571.exe
        5⤵
        
        PID:19156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
      4⤵
      PID:9304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
      4⤵
      PID:11940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
      4⤵
      PID:1832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60571.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:772
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 632
      4⤵
      Program crash
      PID:5484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
    3⤵
    PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
      4⤵
      PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47851.exe
        5⤵
        
        PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
        5⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        5⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39089.exe
        5⤵
        
        PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28525.exe
      4⤵
      PID:752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exe
        5⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        5⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        5⤵
        
        PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
      4⤵
      PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
      4⤵
      PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18747.exe
      4⤵
      PID:19092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
    3⤵
    PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
      4⤵
      PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        5⤵
        
        PID:16088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        5⤵
        
        PID:19212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
      4⤵
      PID:11188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
      4⤵
      PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
      4⤵
      PID:16716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
      4⤵
      PID:5672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45268.exe
    3⤵
    PID:6704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
    3⤵
    PID:13900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
    3⤵
    PID:17868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40027.exe
    3⤵
    PID:5372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
    3⤵
    PID:8156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36445.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39133.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        8⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        8⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
        8⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        8⤵
        
        PID:18380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28525.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
        8⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        8⤵
        
        PID:15908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        7⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        7⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        7⤵
        
        PID:18940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63419.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
        8⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
        8⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
        7⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        7⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
        7⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        6⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        7⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        7⤵
        
        PID:16260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        7⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55631.exe
        6⤵
        
        PID:14796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26332.exe
        6⤵
        
        PID:18452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7233.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
        6⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42999.exe
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        7⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        7⤵
        
        PID:18008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
        7⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        6⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        6⤵
        
        PID:10468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        6⤵
        
        PID:14756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe
        6⤵
        
        PID:18556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30864.exe
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        6⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        7⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        7⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
        7⤵
        
        PID:19148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        6⤵
        
        PID:10564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        6⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        6⤵
        
        PID:18352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
        5⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
        6⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32316.exe
        6⤵
        
        PID:19436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
        5⤵
        
        PID:10448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57570.exe
        5⤵
        
        PID:14560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21229.exe
        5⤵
        
        PID:18704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
        5⤵
        
        PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49657.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
        8⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15212.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        8⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
        7⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        7⤵
        
        PID:15948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62627.exe
        7⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63974.exe
        6⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
        7⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        7⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        6⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65214.exe
        6⤵
        
        PID:16840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8769.exe
        5⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-788.exe
        6⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        7⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
        7⤵
        
        PID:17300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
        7⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        6⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        6⤵
        
        PID:18436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63808.exe
        5⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe
        5⤵
        
        PID:14512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55305.exe
        5⤵
        
        PID:19296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
        5⤵
        
        PID:6484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37305.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
        5⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        6⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
        6⤵
        
        PID:14764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
        6⤵
        
        PID:18660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        5⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        5⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14252.exe
        5⤵
        
        PID:16244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        5⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24157.exe
        6⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        6⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        6⤵
        
        PID:16520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        6⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        5⤵
        
        PID:11840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        5⤵
        
        PID:16140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
      4⤵
      PID:8788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
      4⤵
      PID:12800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65214.exe
      4⤵
      PID:16616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32361.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        6⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        7⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23341.exe
        7⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51750.exe
        7⤵
        
        PID:16776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
        7⤵
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        6⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48148.exe
        6⤵
        
        PID:17172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
        6⤵
        
        PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32417.exe
        6⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32584.exe
        6⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        6⤵
        
        PID:19232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        5⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46715.exe
        6⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2398.exe
        5⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        5⤵
        
        PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        5⤵
        
        PID:18828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11935.exe
        5⤵
        
        PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42043.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        6⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        7⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        7⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51750.exe
        7⤵
        
        PID:16756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
        7⤵
        
        PID:19348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
        7⤵
        
        PID:15880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
        6⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        6⤵
        
        PID:12816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
        6⤵
        
        PID:17552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61836.exe
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32364.exe
        6⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4854.exe
        6⤵
        
        PID:18892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6220.exe
        5⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44068.exe
        5⤵
        
        PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
        5⤵
        
        PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        5⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe
        5⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42890.exe
        5⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        5⤵
        
        PID:18992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
      4⤵
      PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
        5⤵
        
        PID:17924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64324.exe
        5⤵
        
        PID:6220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
      4⤵
      PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8369.exe
      4⤵
      PID:14732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
      4⤵
      PID:18640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25874.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49657.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65344.exe
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        6⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        6⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33275.exe
        6⤵
        
        PID:16640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        6⤵
        
        PID:19352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50564.exe
        6⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47279.exe
        5⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        5⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64684.exe
        5⤵
        
        PID:16844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        5⤵
        
        PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
      4⤵
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        5⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6303.exe
        5⤵
        
        PID:19264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
      4⤵
      PID:7824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
      4⤵
      PID:10576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42009.exe
      4⤵
      PID:14892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
      4⤵
      PID:18568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18521.exe
      4⤵
      PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
        5⤵
        
        PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
        5⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        5⤵
        
        PID:15940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
        5⤵
        
        PID:18960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        5⤵
        
        PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
      4⤵
      PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        5⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        5⤵
        
        PID:15996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
      4⤵
      PID:10508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
      4⤵
      PID:14692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe
      4⤵
      PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3419.exe
      4⤵
      PID:1576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
    3⤵
    PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
      4⤵
      PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27805.exe
        5⤵
        
        PID:14600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
        5⤵
        
        PID:18708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
      4⤵
      PID:9620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
      4⤵
      PID:15384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6303.exe
      4⤵
      PID:19256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
      4⤵
      PID:5476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44713.exe
    3⤵
    PID:7060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
      4⤵
      PID:10708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
      4⤵
      PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
      4⤵
      PID:18780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
    3⤵
    PID:8816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
    3⤵
    PID:1356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
    3⤵
    PID:4536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
    3⤵
    PID:5404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36123.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49335.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44805.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12786.exe
        8⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
        8⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        8⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        8⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4828.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        7⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
        7⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
        7⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        7⤵
        
        PID:13708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
        7⤵
        
        PID:17148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43032.exe
        7⤵
        
        PID:19360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65214.exe
        6⤵
        
        PID:16772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31135.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        6⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30135.exe
        7⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        7⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        6⤵
        
        PID:14400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        6⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57289.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        5⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35402.exe
        5⤵
        
        PID:13488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        5⤵
        
        PID:18364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45287.exe
        5⤵
        
        PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        5⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        6⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        6⤵
        
        PID:16004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
        5⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
        5⤵
        
        PID:19000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        5⤵
        
        PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16282.exe
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44177.exe
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
        6⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32364.exe
        6⤵
        
        PID:15124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        6⤵
        
        PID:18924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        5⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
        5⤵
        
        PID:13512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
        5⤵
        
        PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
      4⤵
      PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        5⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        5⤵
        
        PID:16064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7504.exe
      4⤵
      PID:8772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe
      4⤵
      PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57212.exe
      4⤵
      PID:17996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38317.exe
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        6⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
        6⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        5⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36830.exe
        5⤵
        
        PID:18776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54602.exe
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
        5⤵
        
        PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26859.exe
      4⤵
      PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42723.exe
        5⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
        5⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        5⤵
        
        PID:15972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
      4⤵
      PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
        5⤵
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        5⤵
        
        PID:15884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7314.exe
        5⤵
        
        PID:16580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
      4⤵
      PID:10492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59715.exe
      4⤵
      PID:14716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
      4⤵
      PID:18604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34590.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        6⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        6⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        6⤵
        
        PID:16528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        6⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 248
        7⤵
        Program crash
        
        PID:19348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        5⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
        5⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        5⤵
        
        PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        5⤵
        
        PID:16012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        5⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10178.exe
        5⤵
        
        PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63808.exe
      4⤵
      PID:10856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe
      4⤵
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55305.exe
      4⤵
      PID:19376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9703.exe
    3⤵
    PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
      4⤵
      PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        5⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        5⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        5⤵
        
        PID:15800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
      4⤵
      PID:9220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23236.exe
      4⤵
      PID:14176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1564.exe
      4⤵
      PID:18368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17481.exe
      4⤵
      PID:15888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42237.exe
    3⤵
    PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13850.exe
      4⤵
      PID:11516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
      4⤵
      PID:16036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
      4⤵
      PID:5292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
    3⤵
    PID:8764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe
    3⤵
    PID:14200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35681.exe
    3⤵
    PID:3968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
    3⤵
    PID:2704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        7⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        7⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51750.exe
        7⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
        7⤵
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        6⤵
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
        6⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        6⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
        5⤵
        
        PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        5⤵
        
        PID:16660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20829.exe
      4⤵
      PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        5⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
        6⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
        7⤵
        
        PID:18444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        6⤵
        
        PID:17200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27396.exe
        6⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        5⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19178.exe
        5⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29219.exe
        5⤵
        
        PID:17348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49945.exe
        5⤵
        
        PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45037.exe
      4⤵
      PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25527.exe
        5⤵
        
        PID:10984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
        5⤵
        
        PID:15628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        5⤵
        
        PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12704.exe
      4⤵
      PID:10740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
      4⤵
      PID:14484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
      4⤵
      PID:19400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2345.exe
      4⤵
      PID:5708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
      4⤵
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39647.exe
        6⤵
        
        PID:15832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
        5⤵
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        5⤵
        
        PID:18328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        5⤵
        
        PID:18920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
      4⤵
      PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
      4⤵
      PID:8980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
      4⤵
      PID:13436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
      4⤵
      PID:17948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42733.exe
    3⤵
    PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5282.exe
      4⤵
      PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe
        5⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
        5⤵
        
        PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
      4⤵
      PID:9252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
      4⤵
      PID:13532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63043.exe
      4⤵
      PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
      4⤵
      PID:18524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
      4⤵
      PID:6656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
    3⤵
    PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
      4⤵
      PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
      4⤵
      PID:15636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
    3⤵
    PID:10020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24448.exe
    3⤵
    PID:14552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28473.exe
    3⤵
    PID:19188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45390.exe
    3⤵
    PID:16524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16217.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        5⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30493.exe
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65168.exe
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
        6⤵
        
        PID:15576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
        6⤵
        
        PID:18732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11779.exe
        5⤵
        
        PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        5⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        5⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3283.exe
        5⤵
        
        PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39469.exe
      4⤵
      PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        5⤵
        
        PID:16096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        5⤵
        
        PID:15880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10304.exe
      4⤵
      PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44068.exe
      4⤵
      PID:13676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
      4⤵
      PID:17892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41747.exe
    3⤵
    PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
      4⤵
      PID:8492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
      4⤵
      PID:11756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
      4⤵
      PID:16124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
      4⤵
      PID:19332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39072.exe
      4⤵
      PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10025.exe
      4⤵
      PID:18472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe
    3⤵
    PID:9176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56513.exe
    3⤵
    PID:10336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
    3⤵
    PID:14344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37368.exe
    3⤵
    PID:18396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40695.exe
    3⤵
    PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
      4⤵
      PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        5⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        5⤵
        
        PID:12580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe
        5⤵
        
        PID:17592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        5⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17809.exe
        5⤵
        
        PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
      4⤵
      PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe
      4⤵
      PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
      4⤵
      PID:17272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
      4⤵
      PID:2300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
    3⤵
    PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3300.exe
      4⤵
      PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38154.exe
      4⤵
      PID:4484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
    3⤵
    PID:10060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
    3⤵
    PID:4384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
    3⤵
    PID:19176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52715.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52715.exe
  2⤵
  PID:5908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
    3⤵
    PID:7364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
    3⤵
    PID:10372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
    3⤵
    PID:14372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45006.exe
    3⤵
    PID:3128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17809.exe
    3⤵
    PID:16716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
  2⤵
  PID:4544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23477.exe
    3⤵
    PID:8212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39869.exe
    3⤵
    PID:12548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
    3⤵
    PID:16592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59109.exe
    3⤵
    PID:5576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31089.exe
    3⤵
    PID:4352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26887.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26887.exe
  2⤵
  PID:9348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
  2⤵
  PID:11652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
  2⤵
  PID:17968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 772 -ip 772
1⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 5584 -ip 5584
1⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 15956 -ip 15956
1⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 16276 -ip 16276
1⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 7628 -ip 7628
1⤵
PID:15960

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe

Filesize
184KB

MD5
81021b83fbf549d12ee558a19afb288c

SHA1
6280f5d745ecd7f912695211d13c3f9b4d77f412

SHA256
7fcb31e53f8e3ef7e2e6fdd04ef5420fa5154b3e46862540259d517ec9fc02bb

SHA512
7ebc7590761ca67e415fb9684f48bf569e35f10c8037719680b42a875e2e0ccb942b7faacefd6f3d4a434438c153b8ceeccf0c1d9e098d0a3e4bbda183c69276

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe

Filesize
184KB

MD5
16dce5a7954d7d20eba3653fcc17191e

SHA1
7f4c974fca11aebd031b0e4146b63bc08ea4e8c6

SHA256
a172cfdb1adb07540c01659199ae00f381ad0bd72f0abb6089749e0d0f865411

SHA512
c7286f5b5847f0f1de0412ba0cf3259ed4a32740a1071ad77d7f56847fbbda5196b627116ddfdf602fb3b510b70621d1a548f6dbdbeca5ef8c7b65496f4db72e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe

Filesize
184KB

MD5
6cc5d44c65ae968f0dba4e1c7b27008a

SHA1
35ba953c90bc7dce1457fd12e4f2616c087eab4b

SHA256
a6633d721f8a577af7c4c7589059365d0f7ab7314bafd84ea86b47c14b13b44e

SHA512
68e7c15891664b9b0e333c9393331f7477fa98a902007085cd3b14cbfaae657016a7201c6d99e615e4aedfabaacf343d038b9d44842e193ac390c7d16b801cac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe

Filesize
184KB

MD5
47cf5a59de8a804f9c0a7f08e70bc96e

SHA1
3886c3866c4b52959eb8b092184c083bfb79493e

SHA256
b7cc3466758189b29fc18eef5070c62fe3457c3ce5e073a840f81fbd8df0b085

SHA512
154d9e57b8b0043f8793a2e6478e539a9d211d2c759b8b9d011c240e139275549d6f22163d2131c46461f4f9d53f06d436e88e20e681bb315048010bc0a3819c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16907.exe

Filesize
184KB

MD5
6043a749e25088d35c283716ef156bda

SHA1
7075ee81f564f9498a64df2f79165da86d1ddb44

SHA256
96da31c001ab94c129879cf2d901511c58b667824a666c4a03a87832c8cd5989

SHA512
5a839fbd54d697a4de297ac73b5c12038dd2821d1b54e99b79819f0c3fa843d4964bea5b690969321e93516aa9ee8b308813b3b33ec7faf621cd185b7ba97497

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe

Filesize
184KB

MD5
ed74fae6bd9567c1c785b89145cdfd67

SHA1
c865ee1df3ecb3a3983dee77f70d36c6ac9428b8

SHA256
2cabd6001a98f81e64f24cf9c1eded4d939473c8f5c83165a4a82644e3935a2b

SHA512
8ed8f7129e56ea6e76d2caefe82237a8a0ce2e782ecb5597430b54a8ba6050100dfa5172cac5ee90850c72a8d65fa5dc7a86b75347067bb5aac2c432af6798cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe

Filesize
184KB

MD5
f3b91aa500ca1c66452dc16ef2caa346

SHA1
6dfeba2177979459a679ffc260cc41598a7d05af

SHA256
332eccff321d19d625558919c9ebef6338c40174572491ddf0597ca95f0d418a

SHA512
021c95ae1596c57ae60c1034ade2b510bbafd9cca75d22e0ac1d570fe77a31b7038ec2561c19a04f9cb1c29fbb805b351fcf8352db38b0c578b700852ab311d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe

Filesize
184KB

MD5
3981328dc0044b4110ed18b58a6bbeea

SHA1
3c89b490978ec9fc358ef3d02e3c5f5c48dd3cb0

SHA256
5cae48f0af58017736fa26fa692a871a25e05a491d87477337bf05bed6d79080

SHA512
26f72c8116e51ab080adf178747f4bee31c8fc30b760b824c466419baa426cc518abb8f7a9e2392d82120e5638a491d46f4e2544795a82644e0f45d296e9d39e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23399.exe

Filesize
184KB

MD5
d3210ceaa45725f6d10245712d2cfba5

SHA1
f606e02614fe04e3e298a88c231f867301b8c4e0

SHA256
7117dd3110d87374748dd6c7afb14385555f07b7c69585cce9c2c0b165ffd34b

SHA512
f64514fde611b1ce5ba55b13f49791ee2e4391a745c78063fc55b0f7b361f47d13b5617c8df057fa12956da0b9e3eff61b5c02dbb4509485f717b0c2403eae72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe

Filesize
184KB

MD5
8351cadb199a8a83364ec9305377d1a0

SHA1
08c71d450dea976fc4426761ccdec920d8f742a4

SHA256
238d96e0bd2e971e2b693a091b98cf38b5308724769f495eed8919985af9e5ce

SHA512
5b1e226bcc13fb67e80c0096a1993e59ae4564db71aef4a1f97a494f62a9977eb2917fd97bbdf8e1233745eb7b968f6cd21f29876636e2766de5ce72ff30bb3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe

Filesize
184KB

MD5
1af31c4f2b25225bfbfa173e4db4b1d6

SHA1
88cfb2f40c1158095a822ce1555f0086310aad2a

SHA256
62ca1638e58493f3354628129940564cf6a33a1c33d9a48a10bfaa0cebf4d1c8

SHA512
98beed0bef1826b6c4535916266a3ac5787ea6789fff78a7d060c62dfe9594d7b653d8e21dc3957d4f367d01294423cc0305e5190e50a340585d2b478c170092

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25874.exe

Filesize
184KB

MD5
17fa709f5421d7b759b325218b296484

SHA1
bdd8af49d286df0ab1a4b84852fc5c1d3093fdb7

SHA256
bca0bab0fc3a39d4d668544275eaaa028a661ee171f787467c889741fd2cfe15

SHA512
b13014484c1a9a24016e81566d9fb268322b523080359069e9506a082af23ba4eed466391e31a4cde951187d02367cf1dec6e642a291cefdb2f4a40991525923

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe

Filesize
184KB

MD5
293a1461a21323648896ccb38f794768

SHA1
1209ba53da955112f915c5c8eab5e146de7f94a8

SHA256
94a70230d859112c122eff1a157a32d9a4d202d98586299cd8990c422b2ec872

SHA512
4a17cdf9a0eddc6bbf68dfd4ab7169b40033b07d01b270caaf3a33eeebfe5912e28a323ac58234f487c8650181a7739d370a4d26117b3ec6ee8cf8fcafc615ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe

Filesize
184KB

MD5
24ba927c7d89cc730a979b7de57732e6

SHA1
caeb6e095b79a6cd79647ea6812c13c6aa904cd0

SHA256
4a046fcda71ae5a82aba1c098477d478acc2ef8911272c8069aeef1747e07e94

SHA512
6ff706ee3b3948c77b31d08c6a1466d0b314715c19778237d0ab79b6a002b2144d0e18f689ac3e1a6a855577486a25202eaca65a422d83820dcfec5cba8042fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe

Filesize
184KB

MD5
5471e47a710d860300d20e0020cb4e73

SHA1
44a512049143a712c7b9fab43ad4f0e2e992be76

SHA256
9393a664961f9097e119458f83863f35f9982418821a99db81df6aacb235dbe4

SHA512
67fa475d587f08610779a43e65afa282d18be285be43d2d9236f95d304bced389072535ae0a0d295243a5857ef9fecbd698b0592bacb567c36787d22b3bd3647

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe

Filesize
184KB

MD5
5972504647853f62ea496e3804455e2e

SHA1
55dd7e6cfc5501448bde62999310dc6018fbe3ff

SHA256
8b50e0c92fb5999a3c26f05a39b42ebb8df3d0b12fa30bcba801021c5f855a42

SHA512
45ac88ab1bc65ba7d5a1a5f262e98aac1c66202491c0dc5ca0e5279e2ef3f7499c3e4fe67c23cf10c556586463115f3ddf12ff86cc1a5aa80832a8a338a64be5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe

Filesize
184KB

MD5
3f0544b7e1837221ec724828176fa3da

SHA1
12465b70282d7ffd9b3fad5adf732527ebc7367b

SHA256
2696f16dcedfe1bb04886476cd6fba22180c039c3a9fc1b9b07085aab5a546b3

SHA512
e54db6ffeb5c1e8ab7367fcf4c563f29a8d20e7b3753ab8b60fc17a0f72efa60d43f8293bd64f449b8633388905eb7a310dd0aaf0b88d5b13394f714ed1f7770

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32361.exe

Filesize
184KB

MD5
1b537848aefc0cf61462d0dafffadd69

SHA1
6c89fed0d4cbc97cb812060ae5b58764c95c1a29

SHA256
1c2a93b83f7cfee463586b7810a4eb719e1d46917ca5acecdd2d510781eff843

SHA512
abce1543af8c0668b1c8c4da0ce62c3e80cb99d8c0155af371c5b82c72aa3028366146dff22cb44d39d10cf16daefbd3bc90147b9275b44507599cda66d8d370

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe

Filesize
184KB

MD5
6d57313844f07abe1906da3412496cd8

SHA1
b2ae37b9a1ded74906a63b31d2fe83661aecd660

SHA256
5108405feb541da2d189dc88dafda7963df8e0a61551c1181a253504174fabfa

SHA512
b88fba6af8c9c592ca36d743a5063a2172ba8cdec8b68384f7cefdcb7def5ae922ef279c1795ff5f634a60560a18ba54ed6c426bc1f10479e5942b0c3104c893

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36123.exe

Filesize
184KB

MD5
ee9201215633f771fb0385c514efa7fb

SHA1
6565cdcaf2a4edbfaaadcd2d9f4991a7af4f9a9e

SHA256
8dee3a0ff448df68f9ab7d9da45e9ebb808f4426528f388d83e205b434846e33

SHA512
11b14cd5043a0068d7079d7620285924ea04b8db04e14d06fed64b128fa3e5caa8bcd1507b5a0014c6c218b3180d8457ab65a1d8a0aad76014b265728f60a254

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36345.exe

Filesize
184KB

MD5
3eab98a635f617b00f96f341b1109fcd

SHA1
8b6794426ec1b6f8e8aa237ac9264473a5669802

SHA256
b6c71e80fa277f2da75523ab7a065d8f6de2ba29a3affe3883a747deb31f3ffb

SHA512
adccd0f1e6ddc005394dfd8f41f9700082755519ff9c2c31b69624c813ae32ed70e6ba990aecc33f5e7a536a9ccc4da25acd7b45ff95c245f9fb37170bd2c6b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36445.exe

Filesize
184KB

MD5
bb481cff344a8f5a432c2590d86949cc

SHA1
cc25113676c10f6e602eee2ad1aa5e396e7a0853

SHA256
8f9384cf9e60ee90580c1a4c0e53f4983a637d4c316f66f7d2dce0a8f32f9db3

SHA512
a9cb0017a572154a1f96998dba08e263aecf5cfb99a5d7f26218fe517301e9b8f9cf6865551255e2518827f91bf95121454cedcf2adddcd12bf80f55c8d78770

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37325.exe

Filesize
184KB

MD5
b363fabef6287f3909c515520ba22786

SHA1
9e7979e89bd6372370aba53bb66ddb3fecdaf3f5

SHA256
4e9086a55e4b067f42d49e2690ab2675e731b7580a0f9e57d74b8d628ec2b0dc

SHA512
e001eb65ebcdbde42d083b619e17e38d19d10abbefa966f3c6d247db67ecef868056a79e9c0784ea347193b21751eead31c03a71fb9fcefc3b06db0187a5d55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe

Filesize
184KB

MD5
d2d8afba94150e252b9cb874a251fbea

SHA1
cf7fce48f29b20d31db64517a4425d725904956b

SHA256
32312199c60a758bb355a56835b7763d44af12ba52fc522b4d74c853ed63cbc1

SHA512
7ba19d0405bed0063cce851ef4fb6f1e0de9e3409d81dc4cb452597633b7049e5c68b857293a971e8b3b1dfbddb83cfab2b3b6c5e775222fb891d72348c358d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe

Filesize
184KB

MD5
7899bab32f9cc3c5fbdfadaa3c6f6299

SHA1
41f1ce98dd3246c52c0e3a3350460cd4207c8e51

SHA256
690f513dcf5446e107c0b0a841f5e0734fa0c7da0357922a7432fd9bf26e847d

SHA512
deb29633d5cd7385a63d35b8e30470a21428be47fbcd26fde5ca0d7f3e3a6d80468e4ae49f52291265fd91c267fde82823779016c4423c40213eb6ee7990978a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40451.exe

Filesize
184KB

MD5
d2175a2e55240f172f5c36f24b6d9f6a

SHA1
55d8337a502bc8355a76d5a164fc7a5ca0bb0b4a

SHA256
2ebe83d9211a3c378ef9eeab1b1f3ad3bd55280d09e91a11ff74d6186785c1c3

SHA512
26b8219abc13069f501460c0068c01a5166c2b2587524be1761174b8a5936459c8c6359bcbd12352d4c2fd95c77150a46c1c22046c8463344a06912582e32c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe

Filesize
184KB

MD5
7f0173b7b208ed4eecdd87605076667d

SHA1
1ef3728975439bb220fd6879326ac7c1f9aa71f7

SHA256
d4a3d1ce332b02efff991d1f4a0a900f15fdac41a3b410318c1f6465b5bcdb88

SHA512
220c017a2b9eecea93eac6044d4adc9b367cf350c6655f96bc0ba86ace2e93fcccbf054d38cf4c3b3f43345082e70e636ffa6b630caedece56961801c06896c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe

Filesize
184KB

MD5
4b509e42ba08dcb3708e67ddbbabd4f1

SHA1
73a2d473871604303867f4d588301819c3c05660

SHA256
22cf440bed6545e5c085812cce18157e8dc3414d6ff938fd83e3c22b6d28d5cf

SHA512
7fe72c8f7a2d8d2488849280fee1610e0848eb560274aa71b73ae8538a4e9205abd2f653c49c139538a8563e6b1afad57d83bbec25e9f8e586f222b7830decae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49335.exe

Filesize
184KB

MD5
4a15279842dc6988ac67fa08287bd0dc

SHA1
173afd5aa1cd371b8cdb9683c5d24145516106e6

SHA256
e0083b053b6aa9e90073a2fe77b1ca000c0d22fb510b3d91ece3834da36a84d6

SHA512
cb7f8b139180fd528100a06ac23e7b923a07108ff4b2ea51f6c4eb3928f647c4ff7286122b6901d74f64deab2a457aeaf238bbe57f785da5ce06b82d3d0e6587

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe

Filesize
184KB

MD5
c1fcf6cf1c440af5febdf2f5b2f62505

SHA1
ba08636e9bc43878983af6b6bc97dbcb90c1a578

SHA256
5aa7a6766089a32b8beaafecf3d1dccf0305c16ee842cfe03dfd8d0608a5b4d6

SHA512
7d0e369a6626732878fe01fe6a517e09b3b3168c82f9985026a92530bc3a521dd731e244eda3e421131e057d5e0fa79156040a23146230e19241981ba3289c1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe

Filesize
184KB

MD5
cf250295b78bd66f0a637f29581db458

SHA1
fb6f78f0a1778352d29aef33008c45d9c10a67d3

SHA256
26756b441aa9f7cb2eb08026acb01ca5d719a9238894311874f2b9617f064052

SHA512
75bb3d6124165bcc4e4180a550a5ad2d3f8a3012b21b749aec9101116f354183a48c42123aed56716d3eed421457e1de0691e4e065663f872fe0b138951af526

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe

Filesize
184KB

MD5
cc96430bdc41078c92133f630727f0bf

SHA1
17c2d052c02bcfb81f8f41ac660b52b586113a63

SHA256
c124f7e3fea61f2a72c6e5c06c371cff6e9f7a03ff10ae574fa70f0b945b8f16

SHA512
0c9e1193c29de6460f73c240627b659bf5fa1fa49b24a6804fd4bbea61244cb530bc7d96490bc6fb48a124b71661760791341978d777e64340f4e29857d65858

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe

Filesize
184KB

MD5
a59b73bbf7d6b0eb1ece5047a0b30442

SHA1
01f6cc7c14279a4c46259180be434136a6c1ebf8

SHA256
90da2ef96c5c76279140d8535acd480d5ba4a7e8603bbda1db2200353f7765ad

SHA512
272aba82ce82811a60c1418dd28ca0153a8f76f772e23c168105457c4a09ef4429c0e3685e2551838e2aa1afb0f40771b9277052b414e389e54745ce6faa998a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe

Filesize
184KB

MD5
9ba63f8af9aa77a5557585ee88b93a3a

SHA1
9f6e588a667e6671942b338b3b8c509017d0b125

SHA256
8c35eefa78e8a665cfcdd68b074ff6ce1a3b9ac9a5bb0c959921fdaaa4a4c59d

SHA512
d825b7ed84b1acdff9eb2e4dfd4528e4e50f8f808d27eab4f5fd41085fe5a1be9794196d07d8be722fae99a7cfd24a6720efc199c7afc306c2fc764fcc7b13ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7534.exe

Filesize
184KB

MD5
af15c9c988db9ab97c67577518657964

SHA1
7155d70c6711a2b69097b81392b5cfbf6651598d

SHA256
6ff5eca597d2bb77fba5754e3755bf92fd59ee6f926e5ef0a6d60fad2ab90e6d

SHA512
1f0ea57d646c75ec3eb8df010822f4bb70244bc5741f239f1cb4a0292cb88be2fc3489238fc09939beba5d235b1d78fe2ca23ede0abe2985f2288403842eeabe

Download Submit
memory/2568-3065-0x0000000076910000-0x00000000769CF000-memory.dmp

Filesize
764KB

Download
memory/5220-2990-0x00007FFE42FB0000-0x00007FFE431A5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads