4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3_NeikiAnalytics.exe
Size

184KB
MD5

68c02996a0c1554daec3f8ea7d092d20
SHA1

942eb92e9feff0f148bb322fca1d8c4b063e193c
SHA256

4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3
SHA512

fc5fda63de033da2ccf5289c466ed7d4a96acbd1edc8388a41e33eb7f8204768bf2c2d1c6f5bd0b9fd23ec7cf06ec2ac3c32bf04242cbba792d5d91f62fa8e7b
SSDEEP

3072:4TFrEWonxdIpzyAEMw38HbSatvnqn1i8v:4TjoYpyA887SatPqn1i8v

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4060	Unicorn-31124.exe
5024	Unicorn-61824.exe
5028	Unicorn-50127.exe
3224	Unicorn-15119.exe
2308	Unicorn-64875.exe
404	Unicorn-53722.exe
3512	Unicorn-54891.exe
4796	Unicorn-55296.exe
3152	Unicorn-55296.exe
4672	Unicorn-55296.exe
5084	Unicorn-57334.exe
3700	Unicorn-19094.exe
2060	Unicorn-38695.exe
216	Unicorn-35836.exe
5072	Unicorn-37874.exe
3920	Unicorn-53132.exe
4300	Unicorn-65384.exe
2080	Unicorn-65384.exe
4552	Unicorn-45519.exe
5096	Unicorn-25098.exe
4420	Unicorn-20460.exe
4368	Unicorn-29182.exe
3572	Unicorn-26581.exe
4596	Unicorn-7942.exe
1448	Unicorn-49048.exe
3688	Unicorn-19697.exe
3468	Unicorn-28628.exe
4296	Unicorn-17720.exe
4188	Unicorn-51435.exe
2600	Unicorn-31834.exe
4712	Unicorn-51700.exe
4632	Unicorn-55208.exe
1700	Unicorn-55955.exe
3132	Unicorn-57299.exe
3048	Unicorn-11990.exe
1844	Unicorn-60636.exe
4780	Unicorn-1221.exe
4992	Unicorn-56168.exe
724	Unicorn-29617.exe
3208	Unicorn-11243.exe
2704	Unicorn-23231.exe
1800	Unicorn-41678.exe
644	Unicorn-3075.exe
4008	Unicorn-36110.exe
2856	Unicorn-47046.exe
4848	Unicorn-3075.exe
3940	Unicorn-7522.exe
4020	Unicorn-3075.exe
1172	Unicorn-3075.exe
3676	Unicorn-51123.exe
2024	Unicorn-56723.exe
2096	Unicorn-27388.exe
776	Unicorn-27388.exe
1524	Unicorn-45644.exe
2780	Unicorn-38030.exe
4984	Unicorn-17056.exe
4376	Unicorn-21140.exe
4628	Unicorn-17056.exe
3108	Unicorn-53242.exe
452	Unicorn-56042.exe
772	Unicorn-42306.exe
4352	Unicorn-61788.exe
3228	Unicorn-50091.exe
2596	Unicorn-54772.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
4196	4300	WerFault.exe	109
4660	2080	WerFault.exe	110
8180	6256	WerFault.exe	245
7936	6420	WerFault.exe	276
7340	6004	WerFault.exe	230
5512	18540	WerFault.exe	980
19816	8716	Process not Found	1117
12456	7588	Process not Found	1163

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	18832	dwm.exe
Token: SeChangeNotifyPrivilege	18832	dwm.exe
Token: 33	18832	dwm.exe
Token: SeIncBasePriorityPrivilege	18832	dwm.exe
Token: SeCreateGlobalPrivilege	19316	Process not Found
Token: SeChangeNotifyPrivilege	19316	Process not Found
Token: 33	19316	Process not Found
Token: SeIncBasePriorityPrivilege	19316	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
928	4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3_NeikiAnalytics.exe
4060	Unicorn-31124.exe
5024	Unicorn-61824.exe
5028	Unicorn-50127.exe
2308	Unicorn-64875.exe
3224	Unicorn-15119.exe
404	Unicorn-53722.exe
3512	Unicorn-54891.exe
3152	Unicorn-55296.exe
4796	Unicorn-55296.exe
4672	Unicorn-55296.exe
2060	Unicorn-38695.exe
5084	Unicorn-57334.exe
3700	Unicorn-19094.exe
216	Unicorn-35836.exe
5072	Unicorn-37874.exe
3920	Unicorn-53132.exe
4300	Unicorn-65384.exe
2080	Unicorn-65384.exe
4552	Unicorn-45519.exe
4420	Unicorn-20460.exe
5096	Unicorn-25098.exe
4368	Unicorn-29182.exe
3572	Unicorn-26581.exe
4596	Unicorn-7942.exe
1448	Unicorn-49048.exe
3468	Unicorn-28628.exe
3688	Unicorn-19697.exe
4296	Unicorn-17720.exe
4188	Unicorn-51435.exe
2600	Unicorn-31834.exe
4712	Unicorn-51700.exe
4632	Unicorn-55208.exe
1700	Unicorn-55955.exe
3132	Unicorn-57299.exe
3048	Unicorn-11990.exe
1844	Unicorn-60636.exe
4992	Unicorn-56168.exe
4780	Unicorn-1221.exe
724	Unicorn-29617.exe
2704	Unicorn-23231.exe
3208	Unicorn-11243.exe
1800	Unicorn-41678.exe
4020	Unicorn-3075.exe
2856	Unicorn-47046.exe
2096	Unicorn-27388.exe
644	Unicorn-3075.exe
4848	Unicorn-3075.exe
4008	Unicorn-36110.exe
3940	Unicorn-7522.exe
2024	Unicorn-56723.exe
1172	Unicorn-3075.exe
3676	Unicorn-51123.exe
776	Unicorn-27388.exe
1524	Unicorn-45644.exe
2780	Unicorn-38030.exe
4984	Unicorn-17056.exe
4376	Unicorn-21140.exe
4628	Unicorn-17056.exe
3108	Unicorn-53242.exe
452	Unicorn-56042.exe
772	Unicorn-42306.exe
4352	Unicorn-61788.exe
3228	Unicorn-50091.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 4060	928	4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3_NeikiAnalytics.exe	88
PID 928 wrote to memory of 4060	928	4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3_NeikiAnalytics.exe	88
PID 928 wrote to memory of 4060	928	4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3_NeikiAnalytics.exe	88
PID 4060 wrote to memory of 5024	4060	Unicorn-31124.exe	91
PID 4060 wrote to memory of 5024	4060	Unicorn-31124.exe	91
PID 4060 wrote to memory of 5024	4060	Unicorn-31124.exe	91
PID 928 wrote to memory of 5028	928	4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3_NeikiAnalytics.exe	92
PID 928 wrote to memory of 5028	928	4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3_NeikiAnalytics.exe	92
PID 928 wrote to memory of 5028	928	4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3_NeikiAnalytics.exe	92
PID 5028 wrote to memory of 3224	5028	Unicorn-50127.exe	94
PID 5028 wrote to memory of 3224	5028	Unicorn-50127.exe	94
PID 5028 wrote to memory of 3224	5028	Unicorn-50127.exe	94
PID 4060 wrote to memory of 2308	4060	Unicorn-31124.exe	95
PID 4060 wrote to memory of 2308	4060	Unicorn-31124.exe	95
PID 4060 wrote to memory of 2308	4060	Unicorn-31124.exe	95
PID 928 wrote to memory of 404	928	4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3_NeikiAnalytics.exe	96
PID 928 wrote to memory of 404	928	4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3_NeikiAnalytics.exe	96
PID 928 wrote to memory of 404	928	4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3_NeikiAnalytics.exe	96
PID 5024 wrote to memory of 3512	5024	Unicorn-61824.exe	99
PID 5024 wrote to memory of 3512	5024	Unicorn-61824.exe	99
PID 5024 wrote to memory of 3512	5024	Unicorn-61824.exe	99
PID 2308 wrote to memory of 4796	2308	Unicorn-64875.exe	101
PID 2308 wrote to memory of 4796	2308	Unicorn-64875.exe	101
PID 2308 wrote to memory of 4796	2308	Unicorn-64875.exe	101
PID 3224 wrote to memory of 3152	3224	Unicorn-15119.exe	100
PID 3224 wrote to memory of 3152	3224	Unicorn-15119.exe	100
PID 3224 wrote to memory of 3152	3224	Unicorn-15119.exe	100
PID 404 wrote to memory of 4672	404	Unicorn-53722.exe	102
PID 404 wrote to memory of 4672	404	Unicorn-53722.exe	102
PID 404 wrote to memory of 4672	404	Unicorn-53722.exe	102
PID 4060 wrote to memory of 5084	4060	Unicorn-31124.exe	103
PID 4060 wrote to memory of 5084	4060	Unicorn-31124.exe	103
PID 4060 wrote to memory of 5084	4060	Unicorn-31124.exe	103
PID 5028 wrote to memory of 3700	5028	Unicorn-50127.exe	104
PID 5028 wrote to memory of 3700	5028	Unicorn-50127.exe	104
PID 5028 wrote to memory of 3700	5028	Unicorn-50127.exe	104
PID 928 wrote to memory of 2060	928	4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3_NeikiAnalytics.exe	105
PID 928 wrote to memory of 2060	928	4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3_NeikiAnalytics.exe	105
PID 928 wrote to memory of 2060	928	4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3_NeikiAnalytics.exe	105
PID 3512 wrote to memory of 216	3512	Unicorn-54891.exe	106
PID 3512 wrote to memory of 216	3512	Unicorn-54891.exe	106
PID 3512 wrote to memory of 216	3512	Unicorn-54891.exe	106
PID 5024 wrote to memory of 5072	5024	Unicorn-61824.exe	107
PID 5024 wrote to memory of 5072	5024	Unicorn-61824.exe	107
PID 5024 wrote to memory of 5072	5024	Unicorn-61824.exe	107
PID 3152 wrote to memory of 3920	3152	Unicorn-55296.exe	108
PID 3152 wrote to memory of 3920	3152	Unicorn-55296.exe	108
PID 3152 wrote to memory of 3920	3152	Unicorn-55296.exe	108
PID 4672 wrote to memory of 4300	4672	Unicorn-55296.exe	109
PID 4672 wrote to memory of 4300	4672	Unicorn-55296.exe	109
PID 4672 wrote to memory of 4300	4672	Unicorn-55296.exe	109
PID 3224 wrote to memory of 4552	3224	Unicorn-15119.exe	111
PID 3224 wrote to memory of 4552	3224	Unicorn-15119.exe	111
PID 3224 wrote to memory of 4552	3224	Unicorn-15119.exe	111
PID 4796 wrote to memory of 2080	4796	Unicorn-55296.exe	110
PID 4796 wrote to memory of 2080	4796	Unicorn-55296.exe	110
PID 4796 wrote to memory of 2080	4796	Unicorn-55296.exe	110
PID 2308 wrote to memory of 5096	2308	Unicorn-64875.exe	112
PID 2308 wrote to memory of 5096	2308	Unicorn-64875.exe	112
PID 2308 wrote to memory of 5096	2308	Unicorn-64875.exe	112
PID 3700 wrote to memory of 4420	3700	Unicorn-19094.exe	114
PID 3700 wrote to memory of 4420	3700	Unicorn-19094.exe	114
PID 3700 wrote to memory of 4420	3700	Unicorn-19094.exe	114
PID 404 wrote to memory of 4368	404	Unicorn-53722.exe	113

C:\Users\Admin\AppData\Local\Temp\4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4b0873bb6ce9a9eb233c9cdc769529654e9d86d7d55a11c0cca499e118f00de3_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45644.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55924.exe
        8⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        9⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        10⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        10⤵
        
        PID:17860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        10⤵
        
        PID:18528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59479.exe
        9⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
        9⤵
        
        PID:14624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
        9⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        8⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        9⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        9⤵
        
        PID:17720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
        9⤵
        
        PID:18732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
        8⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36405.exe
        8⤵
        
        PID:16076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49614.exe
        8⤵
        
        PID:18540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18540 -s 412
        9⤵
        Program crash
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7470.exe
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
        8⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        9⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        9⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
        9⤵
        
        PID:17372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        8⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41990.exe
        8⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
        8⤵
        
        PID:16824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
        7⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        8⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        8⤵
        
        PID:16488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33676.exe
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
        7⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
        7⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
        7⤵
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        8⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 472
        9⤵
        Program crash
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        8⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43534.exe
        8⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7167.exe
        8⤵
        
        PID:19372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
        7⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        8⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57287.exe
        8⤵
        
        PID:18296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
        8⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
        7⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
        7⤵
        
        PID:14524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33265.exe
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30948.exe
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        8⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        8⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9325.exe
        8⤵
        
        PID:19064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        7⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
        7⤵
        
        PID:15948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
        7⤵
        
        PID:19172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        7⤵
        
        PID:19092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12182.exe
        6⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26257.exe
        6⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45386.exe
        6⤵
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        6⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        6⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31834.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36272.exe
        7⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        8⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16200.exe
        9⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        9⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        9⤵
        
        PID:18836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
        8⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11629.exe
        8⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
        8⤵
        
        PID:19344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60387.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23001.exe
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        7⤵
        
        PID:15888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe
        7⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        8⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        8⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
        8⤵
        
        PID:18656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        8⤵
        
        PID:19028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
        7⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62270.exe
        7⤵
        
        PID:19128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
        6⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
        6⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56042.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11959.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        7⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16304.exe
        8⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28786.exe
        8⤵
        
        PID:15912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        7⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
        7⤵
        
        PID:14564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        6⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
        6⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        6⤵
        
        PID:16996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31923.exe
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        6⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        7⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36570.exe
        7⤵
        
        PID:18688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
        7⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6770.exe
        6⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
        6⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        6⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29087.exe
        6⤵
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
        5⤵
        
        PID:468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        5⤵
        
        PID:15384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        5⤵
        
        PID:18996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        7⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
        8⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        9⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        9⤵
        
        PID:18092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
        9⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        8⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        8⤵
        
        PID:19332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7958.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        8⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        8⤵
        
        PID:18192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        8⤵
        
        PID:17688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
        7⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9326.exe
        7⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
        7⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        8⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        7⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44111.exe
        7⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        7⤵
        
        PID:18896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54558.exe
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        7⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16451.exe
        7⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
        6⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65046.exe
        6⤵
        
        PID:15188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56643.exe
        6⤵
        
        PID:19376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        6⤵
        
        PID:19000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42306.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
        6⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        7⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
        7⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40602.exe
        7⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35882.exe
        6⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19685.exe
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
        6⤵
        
        PID:16560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42395.exe
        6⤵
        
        PID:19024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19005.exe
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2463.exe
        6⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        6⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe
        6⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41259.exe
        5⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2433.exe
        5⤵
        
        PID:11900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54079.exe
        5⤵
        
        PID:16960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36656.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46251.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        8⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        8⤵
        
        PID:17892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51967.exe
        8⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        7⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34983.exe
        7⤵
        
        PID:15748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8918.exe
        6⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        7⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        7⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
        7⤵
        
        PID:19076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20505.exe
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8174.exe
        6⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
        6⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-454.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe
        6⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        7⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        7⤵
        
        PID:18140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14058.exe
        7⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
        6⤵
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
        6⤵
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46815.exe
        6⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
        5⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
        5⤵
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe
        5⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        5⤵
        
        PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32380.exe
        5⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
        7⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        7⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        7⤵
        
        PID:19152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        6⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        6⤵
        
        PID:15732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        6⤵
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        5⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
        6⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45715.exe
        6⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61012.exe
        6⤵
        
        PID:18760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-277.exe
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe
        5⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        5⤵
        
        PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        6⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
        6⤵
        
        PID:18728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        6⤵
        
        PID:19300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
        5⤵
        
        PID:16276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
      4⤵
      PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        5⤵
        
        PID:14320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62242.exe
      4⤵
      PID:10128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
      4⤵
      PID:14924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9600.exe
      4⤵
      PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64875.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55296.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 692
        6⤵
        Program crash
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62940.exe
        6⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        8⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        8⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        8⤵
        
        PID:17380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        7⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        7⤵
        
        PID:16884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16451.exe
        7⤵
        
        PID:18988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
        6⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 492
        7⤵
        Program crash
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
        6⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45726.exe
        6⤵
        
        PID:17040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44174.exe
        5⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61648.exe
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47153.exe
        8⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
        7⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        7⤵
        
        PID:15788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
        6⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27184.exe
        7⤵
        
        PID:17692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26664.exe
        7⤵
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23001.exe
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        6⤵
        
        PID:19104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59090.exe
        6⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12426.exe
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        6⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        6⤵
        
        PID:11316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        6⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        6⤵
        
        PID:19416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        6⤵
        
        PID:16836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54616.exe
        5⤵
        
        PID:16920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46396.exe
        5⤵
        
        PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
        6⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
        7⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        8⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        9⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
        9⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59904.exe
        9⤵
        
        PID:18776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        8⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        8⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60434.exe
        8⤵
        
        PID:19004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60387.exe
        7⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23001.exe
        7⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        7⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
        7⤵
        
        PID:19068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49936.exe
        8⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
        8⤵
        
        PID:16260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        8⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
        7⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        7⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
        7⤵
        
        PID:18860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
        6⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
        6⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        6⤵
        
        PID:17432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18291.exe
        6⤵
        
        PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55135.exe
        5⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        6⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        7⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13431.exe
        8⤵
        
        PID:16740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        8⤵
        
        PID:18856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
        7⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-529.exe
        7⤵
        
        PID:15800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62559.exe
        6⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38850.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        6⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        7⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        7⤵
        
        PID:17884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6274.exe
        7⤵
        
        PID:19440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25602.exe
        6⤵
        
        PID:11220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-529.exe
        6⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8010.exe
        5⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59802.exe
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54079.exe
        5⤵
        
        PID:16908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        5⤵
        
        PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1221.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
        5⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42240.exe
        6⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
        7⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48867.exe
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        7⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        7⤵
        
        PID:17028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        6⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        6⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
        6⤵
        
        PID:17248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
        6⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        6⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        6⤵
        
        PID:15376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35954.exe
        6⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
        5⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe
        5⤵
        
        PID:14044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52839.exe
        5⤵
        
        PID:17760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33517.exe
        5⤵
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17174.exe
      4⤵
      PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        5⤵
        
        PID:6256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 624
        6⤵
        Program crash
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
        5⤵
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62559.exe
        5⤵
        
        PID:17160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41478.exe
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        5⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        5⤵
        
        PID:10880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        5⤵
        
        PID:15392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
      4⤵
      PID:8460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34676.exe
      4⤵
      PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe
      4⤵
      PID:17188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58381.exe
      4⤵
      PID:18628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27388.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        7⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        8⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33254.exe
        8⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        8⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        7⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        7⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
        7⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        7⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        7⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
        7⤵
        
        PID:19104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3474.exe
        7⤵
        
        PID:19400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        6⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
        6⤵
        
        PID:16252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36677.exe
        6⤵
        
        PID:19080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        6⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57972.exe
        7⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
        7⤵
        
        PID:17452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30209.exe
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        6⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45358.exe
        6⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe
        6⤵
        
        PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11591.exe
        6⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49028.exe
        7⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1340.exe
        7⤵
        
        PID:18708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
        6⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        6⤵
        
        PID:16552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        6⤵
        
        PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2433.exe
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
        5⤵
        
        PID:16972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        5⤵
        
        PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56116.exe
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54227.exe
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        7⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        7⤵
        
        PID:18164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46923.exe
        7⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
        6⤵
        
        PID:11156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        6⤵
        
        PID:17464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49126.exe
        6⤵
        
        PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        5⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11591.exe
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
        6⤵
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        6⤵
        
        PID:17364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        6⤵
        
        PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        5⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        5⤵
        
        PID:17320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
      4⤵
      PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        6⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        6⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21954.exe
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe
        5⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        5⤵
        
        PID:19432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50577.exe
        5⤵
        
        PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
      4⤵
      PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
        5⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
        5⤵
        
        PID:15832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7195.exe
        5⤵
        
        PID:8716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39854.exe
      4⤵
      PID:10744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1230.exe
      4⤵
      PID:14576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
      4⤵
      PID:18996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
      4⤵
      PID:19308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42986.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        6⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48867.exe
        6⤵
        
        PID:11856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48526.exe
        6⤵
        
        PID:17060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26162.exe
        6⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
        5⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63999.exe
        5⤵
        
        PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
        5⤵
        
        PID:16676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1036.exe
        5⤵
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34264.exe
        5⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3039.exe
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        6⤵
        
        PID:17348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
        5⤵
        
        PID:14268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
        5⤵
        
        PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        5⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        5⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        5⤵
        
        PID:18896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2338.exe
      4⤵
      PID:10112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
      4⤵
      PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45436.exe
      4⤵
      PID:6268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47046.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46251.exe
        5⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
        6⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        6⤵
        
        PID:18156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        6⤵
        
        PID:18508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
        5⤵
        
        PID:11180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
        5⤵
        
        PID:16016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50364.exe
        5⤵
        
        PID:18736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
        5⤵
        
        PID:18544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
      4⤵
      PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6687.exe
        5⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        5⤵
        
        PID:13404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
        5⤵
        
        PID:18772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
      4⤵
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
      4⤵
      PID:15928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
      4⤵
      PID:18772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14122.exe
    3⤵
    PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32536.exe
        5⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        5⤵
        
        PID:12988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
        5⤵
        
        PID:18712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
        5⤵
        
        PID:18736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
      4⤵
      PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
      4⤵
      PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
      4⤵
      PID:6432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
    3⤵
    PID:7512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42013.exe
    3⤵
    PID:10600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
    3⤵
    PID:14400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15119.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55296.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61788.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
        8⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
        9⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23024.exe
        10⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        10⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
        10⤵
        
        PID:18764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        10⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
        9⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
        9⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        8⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        9⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14370.exe
        9⤵
        
        PID:17312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
        8⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe
        8⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31953.exe
        8⤵
        
        PID:17680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5270.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52603.exe
        8⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47684.exe
        9⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        9⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
        8⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62559.exe
        8⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        7⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62787.exe
        7⤵
        
        PID:17748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59640.exe
        8⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34922.exe
        8⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
        8⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        8⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        7⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
        7⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        7⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
        6⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-195.exe
        7⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        8⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        8⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        7⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        7⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
        7⤵
        
        PID:18608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe
        6⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20201.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        6⤵
        
        PID:15924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12956.exe
        6⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55955.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
        6⤵
        Executes dropped EXE
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
        7⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        8⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        8⤵
        
        PID:18216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        8⤵
        
        PID:18524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
        7⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62882.exe
        7⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3934.exe
        7⤵
        
        PID:18876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        7⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        8⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
        8⤵
        
        PID:16812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3032.exe
        8⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
        7⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
        7⤵
        
        PID:16236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        6⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        7⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
        7⤵
        
        PID:18312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
        7⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41887.exe
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4309.exe
        6⤵
        
        PID:16600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        6⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52726.exe
        5⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25136.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4279.exe
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        8⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        8⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe
        7⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33517.exe
        7⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        6⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        7⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        7⤵
        
        PID:18176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        7⤵
        
        PID:18516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        6⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        6⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7725.exe
        6⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36931.exe
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        6⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        7⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        7⤵
        
        PID:17868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
        7⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
        6⤵
        
        PID:11248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
        6⤵
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
        6⤵
        
        PID:19212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe
        5⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54424.exe
        5⤵
        
        PID:17340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        5⤵
        
        PID:18888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3215.exe
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
        7⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        8⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        8⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1371.exe
        8⤵
        
        PID:17444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        7⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        7⤵
        
        PID:16868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51050.exe
        6⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        6⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37801.exe
        6⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60614.exe
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
        6⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36422.exe
        6⤵
        
        PID:12488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28105.exe
        6⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        5⤵
        
        PID:9908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44618.exe
        5⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51336.exe
        5⤵
        
        PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41678.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27720.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9183.exe
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        7⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        7⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55315.exe
        7⤵
        
        PID:17852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12519.exe
        7⤵
        
        PID:16740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10366.exe
        6⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        6⤵
        
        PID:12912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17442.exe
        6⤵
        
        PID:16736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16451.exe
        6⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        5⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47388.exe
        6⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe
        6⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        6⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35053.exe
        5⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
        5⤵
        
        PID:19052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10926.exe
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        5⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        6⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
        6⤵
        
        PID:18744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        6⤵
        
        PID:19348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        5⤵
        
        PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44111.exe
        5⤵
        
        PID:16164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46318.exe
        5⤵
        
        PID:19168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe
      4⤵
      PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
      4⤵
      PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63412.exe
      4⤵
      PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32525.exe
      4⤵
      PID:18832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        7⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        8⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        8⤵
        
        PID:16496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21423.exe
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
        7⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
        7⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
        7⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7341.exe
        7⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
        6⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
        6⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14833.exe
        6⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60614.exe
        5⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-299.exe
        6⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28105.exe
        6⤵
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2338.exe
        5⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
        5⤵
        
        PID:13136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
        6⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63916.exe
        7⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60948.exe
        8⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53203.exe
        8⤵
        
        PID:18328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
        8⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        7⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        7⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62559.exe
        6⤵
        
        PID:17208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7574.exe
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        6⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        6⤵
        
        PID:13956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54878.exe
        6⤵
        
        PID:16576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        6⤵
        
        PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14501.exe
        5⤵
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
        5⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        5⤵
        
        PID:13804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1169.exe
      4⤵
      PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22588.exe
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4383.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
        6⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11577.exe
        6⤵
        
        PID:16692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        6⤵
        
        PID:740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48275.exe
        5⤵
        
        PID:10096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        5⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46519.exe
        5⤵
        
        PID:18644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
      4⤵
      PID:5600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4301.exe
      4⤵
      PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24198.exe
      4⤵
      PID:14812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
      4⤵
      PID:19276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
      4⤵
      PID:4936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11243.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        6⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        7⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        7⤵
        
        PID:18208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        7⤵
        
        PID:18500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        6⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        6⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7725.exe
        6⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        6⤵
        
        PID:13432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
        6⤵
        
        PID:18284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
        6⤵
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31413.exe
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4282.exe
        5⤵
        
        PID:15016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58057.exe
        5⤵
        
        PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        6⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        6⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
        6⤵
        
        PID:18932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17678.exe
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe
        5⤵
        
        PID:14932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31287.exe
        5⤵
        
        PID:18460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe
      4⤵
      PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        5⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        5⤵
        
        PID:18132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        5⤵
        
        PID:18492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
      4⤵
      PID:10380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
      4⤵
      PID:14972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23231.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
      4⤵
      PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54684.exe
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11591.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        6⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
        6⤵
        
        PID:17736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12758.exe
        6⤵
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        5⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        5⤵
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        5⤵
        
        PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
      4⤵
      PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        5⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        6⤵
        
        PID:14640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61895.exe
        6⤵
        
        PID:19260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
        6⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        5⤵
        
        PID:16060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48316.exe
        5⤵
        
        PID:19352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
      4⤵
      PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
      4⤵
      PID:11916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
      4⤵
      PID:16988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
    3⤵
    PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54684.exe
      4⤵
      PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
        5⤵
        
        PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
        5⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
        5⤵
        
        PID:17728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        5⤵
        
        PID:19040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
      4⤵
      PID:8892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
      4⤵
      PID:14148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
      4⤵
      PID:17336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37194.exe
    3⤵
    PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63916.exe
      4⤵
      PID:7388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
      4⤵
      PID:11340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
      4⤵
      PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42491.exe
      4⤵
      PID:6900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
    3⤵
    PID:9104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
    3⤵
    PID:11984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
    3⤵
    PID:16940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22477.exe
    3⤵
    PID:19396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55296.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4300
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 720
        5⤵
        Program crash
        
        PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        5⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        7⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29117.exe
        7⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
        7⤵
        
        PID:18904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        6⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        7⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        7⤵
        
        PID:18224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        7⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63999.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
        6⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        6⤵
        
        PID:19216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        5⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
        6⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50219.exe
        7⤵
        
        PID:14952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        7⤵
        
        PID:19320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36831.exe
        7⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
        6⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        5⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41887.exe
        5⤵
        
        PID:12136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        5⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe
        5⤵
        
        PID:19276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44366.exe
      4⤵
      PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25136.exe
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62224.exe
        6⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        7⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39484.exe
        7⤵
        
        PID:19108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49939.exe
        6⤵
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        6⤵
        
        PID:19388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        5⤵
        
        PID:8468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        5⤵
        
        PID:10664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62559.exe
        5⤵
        
        PID:17356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
      4⤵
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23424.exe
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42958.exe
        6⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        5⤵
        
        PID:16336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe
      4⤵
      PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
      4⤵
      PID:12204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50340.exe
      4⤵
      PID:17112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5379.exe
        5⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8415.exe
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12494.exe
        7⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
        7⤵
        
        PID:17740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        7⤵
        
        PID:19284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
        7⤵
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11326.exe
        6⤵
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        6⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
        6⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        6⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        6⤵
        
        PID:16876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
        6⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        5⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7725.exe
        5⤵
        
        PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57424.exe
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
        6⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
        7⤵
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        7⤵
        
        PID:18200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        7⤵
        
        PID:18436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54391.exe
        6⤵
        
        PID:17096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
        5⤵
        
        PID:9048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17442.exe
        5⤵
        
        PID:16760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
      4⤵
      PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59640.exe
        5⤵
        
        PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
        5⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56886.exe
        5⤵
        
        PID:17004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        5⤵
        
        PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4118.exe
      4⤵
      PID:9032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
      4⤵
      PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
      4⤵
      PID:17296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36682.exe
      4⤵
      PID:19176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17440.exe
      4⤵
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16392.exe
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        6⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        7⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        7⤵
        
        PID:18148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
        7⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        6⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12990.exe
        6⤵
        
        PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        5⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43222.exe
        5⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe
        5⤵
        
        PID:18784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        5⤵
        
        PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe
      4⤵
      PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        5⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        6⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16062.exe
        6⤵
        
        PID:17180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        6⤵
        
        PID:728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        5⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        5⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        5⤵
        
        PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21221.exe
      4⤵
      PID:8520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
      4⤵
      PID:11896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
      4⤵
      PID:17072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
    3⤵
    PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57424.exe
      4⤵
      PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64492.exe
        5⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1340.exe
        6⤵
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        5⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        5⤵
        
        PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
      4⤵
      PID:9236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37714.exe
      4⤵
      PID:12992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17442.exe
      4⤵
      PID:16768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
    3⤵
    PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
      4⤵
      PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49664.exe
        5⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        5⤵
        
        PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20174.exe
      4⤵
      PID:10796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe
      4⤵
      PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
      4⤵
      PID:6308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
    3⤵
    PID:7808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
    3⤵
    PID:12176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48845.exe
    3⤵
    PID:16592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
    3⤵
    PID:5548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49048.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63916.exe
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        7⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        7⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62559.exe
        6⤵
        
        PID:17272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8275.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        6⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        6⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        5⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
        5⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        5⤵
        
        PID:16980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe
        5⤵
        
        PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38836.exe
        6⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27294.exe
        6⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56886.exe
        6⤵
        
        PID:16932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        6⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        5⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        5⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62559.exe
        5⤵
        
        PID:17172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41538.exe
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe
        5⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        5⤵
        
        PID:12376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
        5⤵
        
        PID:18696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41652.exe
        5⤵
        
        PID:18868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40787.exe
      4⤵
      PID:9996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64602.exe
      4⤵
      PID:14412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10026.exe
      4⤵
      PID:19136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44668.exe
      4⤵
      PID:18644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        5⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        6⤵
        
        PID:17876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        6⤵
        
        PID:16572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        5⤵
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        5⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
        5⤵
        
        PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
        5⤵
        
        PID:13072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
        5⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
        5⤵
        
        PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35690.exe
      4⤵
      PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
      4⤵
      PID:14652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7341.exe
      4⤵
      PID:17640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe
    3⤵
    PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
      4⤵
      PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1835.exe
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe
        5⤵
        
        PID:14116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
        5⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        5⤵
        
        PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
      4⤵
      PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
      4⤵
      PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
      4⤵
      PID:2476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe
    3⤵
    PID:7820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
      4⤵
      PID:13376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
      4⤵
      PID:18184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
      4⤵
      PID:18556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47630.exe
    3⤵
    PID:10768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
    3⤵
    PID:15336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27388.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
      4⤵
      PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10631.exe
        6⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        6⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12519.exe
        6⤵
        
        PID:18576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        5⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
        5⤵
        
        PID:16848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54855.exe
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9022.exe
        5⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
        5⤵
        
        PID:14220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61974.exe
        5⤵
        
        PID:18440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63790.exe
      4⤵
      PID:7704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
      4⤵
      PID:12520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
      4⤵
      PID:17284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65223.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65223.exe
    3⤵
    PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54227.exe
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20580.exe
        5⤵
        
        PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
        5⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        5⤵
        
        PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
      4⤵
      PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60142.exe
      4⤵
      PID:16180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe
      4⤵
      PID:19076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
    3⤵
    PID:7900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47684.exe
      4⤵
      PID:14352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14900.exe
      4⤵
      PID:18464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31109.exe
    3⤵
    PID:10800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
    3⤵
    PID:1472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
    3⤵
    PID:18752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
    3⤵
    PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
      4⤵
      PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15868.exe
        5⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
        5⤵
        
        PID:17084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe
      4⤵
      PID:9224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
      4⤵
      PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61974.exe
      4⤵
      PID:18596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35778.exe
    3⤵
    PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51804.exe
      4⤵
      PID:10196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
      4⤵
      PID:11976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
      4⤵
      PID:18676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
      4⤵
      PID:5204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
    3⤵
    PID:9924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8174.exe
    3⤵
    PID:15196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58057.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58057.exe
    3⤵
    PID:1720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
  2⤵
  PID:5664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe
  2⤵
  PID:7196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
    3⤵
    PID:9288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
    3⤵
    PID:15180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
    3⤵
    PID:18476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65459.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65459.exe
  2⤵
  PID:10420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
  2⤵
  PID:2852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
  2⤵
  PID:18908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe
  2⤵
  PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4300 -ip 4300
1⤵
PID:1440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2080 -ip 2080
1⤵
PID:3788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 6004 -ip 6004
1⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6420 -ip 6420
1⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6256 -ip 6256
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 18540 -ip 18540
1⤵
PID:4876

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:18832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15119.exe

Filesize
184KB

MD5
b9cfbe6ef933a6a599e69211fd144136

SHA1
e12717f2635001d7b6393746dbae0c980c63e1a3

SHA256
78294668b09f527e9edfd61ab5778f9a00a5ae7692d411ed0008422ae56446e0

SHA512
3dd8e78f8b03ccf8d5449424e885f22d7446fe8d73cb2caf73ace72645dd127c0979a4d6697ebff7551ec51afc332006ac22b19f90a60fdf485114f0a477cd0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe

Filesize
184KB

MD5
c558c5fc9924b69d19ca47fe8d6bc8ce

SHA1
8a147f81ceb1acae01d254896197b159724e9ce6

SHA256
2737e42eb5ecf7e1fbd2d8718a773113a49d509e0e9301aced448433e1efe9fe

SHA512
70f00a1bb053eac24777a64871d068752aec9cd6bc2e3ed4438744b3e1bbca67d97ef12523f8ff5ebe411910b51060eacf0f91c5d79e1eb7c7dd0030a60d9925

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe

Filesize
184KB

MD5
24599e436f59569e86ddf5e646b80368

SHA1
db921ac21b42f9560e4e4d0acc1aed185fa441fb

SHA256
b1bba028b474439bdafa7e033164082edf7cea8e2cf5633b482456e72b28bcdc

SHA512
34197384b70d4f36bac91cd1ecc6792f0d53d9f85fa8ed48ff3ef988dabf68130bdfe61ef3495964f8e340647e807a3452269deb0f696d61d0d07722f755734f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe

Filesize
184KB

MD5
5edb8a22f45279a24c25fadc36829144

SHA1
5eeededdffbffcef388cfa36bb891874f6f9dea0

SHA256
bd2df17b041dd27417e93d67b394e7e21f947405f2ee60a05c5b5cb91add7c8d

SHA512
6ff52860bf9cb49c4d9023666091331ec63c049dd1dfcbaf8cdac9e68226c522f356de9addc5ca12e14963d1d2cb88b1abbc923c8104f368e28201a855688dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe

Filesize
184KB

MD5
ec227cb8d3d7bcc6bdf9f9d3120e331d

SHA1
6f17d40b7c77c637b6ef39ae0f2ac897f92e6955

SHA256
5c2bddba3971cecb03892b21e65fc33e9d359ceae609d9b751d9851ac76d1c59

SHA512
2b710e1706968ccdc5611ec9c8b54bd02bc6fd38e89b9c04d99ded7fbccdfe3223cf465c37144df9e4c02b4970e6fd7beef6b2e84ff65861129ada7dde87b581

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe

Filesize
184KB

MD5
0f616494c63d7a3118197712b9e46134

SHA1
145a3248386d420a9f6990bc353bf3f0c6d0d14e

SHA256
2a95e9717f09dd68b010b287324b3a3778503cb779249e8d1bb39fb9adc09e0a

SHA512
9c5bd05bf142d98f016abe9133ed7a61514dc1a67c298ef21396208a9ab95ccba0b8a4f7aa8fba06c94c780a4762cf81456546d2236388c233cc0930b0eb0b85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22948.exe

Filesize
184KB

MD5
136c5cfa1b6a3cf04270694e8a7c1b7b

SHA1
ace39325bff564c47c9c94b2731608d003274349

SHA256
c5eeeb0f70141a1fe82247d10a3a8c5e2860a5ea074a4b9f5a0dc56599fa9adb

SHA512
c095b270170773b0875ce8067d1c71e743a961e635c797885c24edf862eb2919e3639593191d25c840e7241ef841832aec8c91722254c263ed24a7c5d9b82c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe

Filesize
184KB

MD5
255c2926dac938a8892268f6a347f521

SHA1
4436c0a3e9f37b1d09c41358f07b93399be686d8

SHA256
c6bb4405b27fb63e36f63e0bea117ca4d0ff66e7692a507c0c1bd025f37709e4

SHA512
e7f816ec78a7e8c3e1caa6ddfd81ac302e73b459944b6e47588be8f903539f237feb89d6e65d3327989bee4df8dfa8132e5ced2af24dab2ad6a4319fc94d3ec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe

Filesize
184KB

MD5
42765a48ba961b710851a51fac111bb4

SHA1
2fc5881c9d97036754f5b9796207a0a916286434

SHA256
dd14d79c41713f08ad9b4a1668b7b948978fcf042f04cc37072b87b4062e62af

SHA512
301e12b37bd81df47fb61613d218899a9f39b3184880c33d3ea06e8d42a541a97bbaf8e8516536c062c8e609c25002754d1fc891df4485c07340c9195075933a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe

Filesize
184KB

MD5
e9d70b0fcbd19d9a735244826c96ef1a

SHA1
9cfd9f8e040a46e65eec399504ec3d05b6d3cd4a

SHA256
726b59b0c2ec5ab3902005567659edcea54c51b6d6a8456d0817586b32dbb5d0

SHA512
6db4306ecbcae8fa565a02da4c1c59fe67532902f2e24b2b7c9018c1e4eec77210c9768cad8b57007838d4d14726283bdb64c2d089b2fc474fe27a50ab5ba825

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe

Filesize
184KB

MD5
a89f531826d9b70cb3a7925a95c26d75

SHA1
2dcc872280e7ec723b3421b1f71a5f65a27acbbb

SHA256
adc7261a202d9e78874f18f9ba1f47c424cd7e31a18c49080ad243563477aba3

SHA512
da731539378c0ec6fd380ae9294bf6cb74c03a288ec105cc5e64ee6347b87d3dbf79e3ab47d7e5bd6ffd577f5624d2bd8194d7994dafc709c4a8c22f156fdeb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe

Filesize
184KB

MD5
ac58d8e2652d968776ebb3cc8a21d265

SHA1
c3d691265e20038c1881731640ff66fb43b186e3

SHA256
4d2305cf50b8afd5ad33f81fe318e344f0c886f6a0eb645a44a5be1c54dfc1b6

SHA512
5a1b58f22d99df7375fba9d8b19e4dc5487be97a918437b342f9ba3f52665d1dae04b0ce0fb9a3e28792b7fb490e1899dee1fe11b94009663bf418391078475c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31834.exe

Filesize
184KB

MD5
370731d20c9510f6cd087796be921393

SHA1
2ac39967fd2e35830ebf38d5d8b14ba64faebd6e

SHA256
cc47f43645020b73bedf5aa7a29aa2186867d199bde2799e177baf8fc5d2dce6

SHA512
be7b8335731ad7f12ac193a6dd5f7828dde82aa858b60d9ff6e35afe6f396ecf61211518a7b47dce5147ee3622dabab8fd4237337fb2c8e1f67afb13f27d4248

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe

Filesize
184KB

MD5
3b8a4401ee62d7d78f26e14a5d5be582

SHA1
69df973ad3f71cd07649e0f1ba55e0fd19dc4930

SHA256
30cb69df7d87ecda410acd8c3e6f9a7837474e74c4a562fdec05d4934ccc1fdf

SHA512
4d46d8a47fe553d0a007e1eda2245b6e484ea5e0152e22d55c9d6984314d19800307587d24d0585797a7a983553f4b0c6e111eaf986b78c058e3eed42b783d54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe

Filesize
184KB

MD5
63a043ef1cd000e30e6e8fd245ada055

SHA1
3275afd883faf3839357d1c60ad1947a095e1216

SHA256
4a586425e86116f60f1852a4c965fa039a895babf30803af6e4a4f2b0416ddd4

SHA512
16df6236919d8b6f2b2e54d33a57cf6b323c9195694f7b974c95cf1fd8603dc0463b53b1efa1617822598fea05af4c03daa7386e6c3e1ccaf14ff6bb10d33b0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe

Filesize
184KB

MD5
bfc1b682cdbede4a2fc4b1779385c2b0

SHA1
b2f113edd488dce1ea3cd679413bae366f424e0c

SHA256
d689bca47d4e7339d17f528862bb7e8785175c55fba2493d1bb929e5f9f4cb7d

SHA512
56ec4381660f3581df218f797b13a09c8b7a9e005f0f9ae310c0e68458f47bc41bd4185acf71fef2b7ba73a0674432ab255711336493bfb78fc599ed933d2cac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe

Filesize
184KB

MD5
fc0c7dae49b412b659a1ab068e445c86

SHA1
851f9b147964011e46f182957feb0d1e554b1730

SHA256
637587c866b45ea752f4e4efbe04f9f929291777adeb64973eb74d446895fdb1

SHA512
44ab605cdb01d0f469b263cf8711dc379b60cf02f785a49f2a56aa26281cf70938e292dc4ce9903b030e4911c20b5e41ec8b8939b9e281c87847864e88bfb4ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe

Filesize
184KB

MD5
41587bfbb1c1b39e84121326b542c3df

SHA1
284879ef61b5cce64637a2e4e2f3c32fcc28cdd9

SHA256
7a74177e1d579fbe346c4dc79d7d12c0a5015cc2a97ddd3e83355a38739c18a9

SHA512
115341798606c92c5193d569744fcd311c787c41e322acb0c3fff68dbdc6905715e43054ea3ff1e80f99a035c759ad48830b745374ecae25b1a82e8c00942024

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe

Filesize
184KB

MD5
2a9d92afc02fad02cb63938f87042120

SHA1
a1114732e9257c2f508e2c447ef7ee19784c6994

SHA256
ec0b66520351306b25dcd3288c94a7d20340331934a9cb04b60acbf4242a31e4

SHA512
e5649acbe66af243860ea5bba5442c91da700d27759f9a7cf960660d6e37c1ba45802823c5600daf99ae2dec36ade232f18653710d4d8fae18053c4eb70ea0d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49048.exe

Filesize
184KB

MD5
447bb615b99a68c4a7dc0e86f9d9926c

SHA1
36b315355cbbf22f0dcb5b7074023e5ff4dafd33

SHA256
79d4ea855e42019fb916136d240d2c80df6fd255981b63a60a933884c353685e

SHA512
6bc910d6cb514b5eab0cc76c933a263f79046165f5ff1f27c49f5867ac1b91f05bbbdfd309c4eefd5b2541a726e2d8eb992e0b1bdabf9c10933e3f4288319891

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe

Filesize
184KB

MD5
61f263bc65a726f47b2507b725895379

SHA1
b52688a226bb621998560a853e6bb4f83e4326bd

SHA256
995217f3d2e5033d94545aa618608276306c73aaba430f876e1cb40ba60fdc66

SHA512
fa116bcc947c7cd4d06035ad06aa6e4021b93ad74144f986c01962c71267d6db04e5c802ad08ae1fbc5961565679325c9f27de65c5242c5b1caa7ffbe81a6912

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe

Filesize
184KB

MD5
323cf0479bf9a247fc86944b9c327c48

SHA1
5fc04f91ea7cd0249aaabe48742cf884fafb62a7

SHA256
68e736e16b40c112ef0278692b47f03b52b0427014b92156797c11a4b8a2ca48

SHA512
cbaec16a99583faf962090c0ce595e1b4697290e0388d23121d1026386d73c46dbc952ac7eb3f7a7164aa13abbce885b7731bc779bccf08df983bd2a206d707f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe

Filesize
184KB

MD5
d15b8b2161fac2c2244a6e03cdd438a2

SHA1
f37c9021c0ae831438a8d12843adbc67b7fc91a1

SHA256
e6aecd0a2e2dff0819b7aaaf4b051a3d022dec3ed2bf2ca7251ffd0a1076dea1

SHA512
b9345fd558ceb5d9d0efd9875c4cedb1f3005037928807e6aad8826651300c6c5703abf6c116c19dd1cf465208bfe3ebbd124c819812b340d4018b518104f8f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe

Filesize
184KB

MD5
a0f6c86f7f2c3e50bd31d0d6d7253b4f

SHA1
748cbefddb2546a11921ccb99a356864ab47d832

SHA256
ae0fce8df2993951fc0926727dec82ab33a3d95c0c1814d098c8721187dbe7ee

SHA512
cb4f713ce126a6dfb0f7d157108e138840d14b92a595b96c9afb5486624e140fd4ad336814bc6202bf047010a81ba6d9f84f2df6886ef0860818ef5d8c6317f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe

Filesize
184KB

MD5
1b3b622e4ffddcda093b14c64928f736

SHA1
00b5df389fdb155aa06f8a972c593b1c86b63cdf

SHA256
6ed6dc01255601efd24349fc273eaf6b2947a2642afc256b612630feef194094

SHA512
9ed3c030e768ff3367e4602f9a429f935607d091f3e585d8bd611b2ab0316c9a90482019d2d5dde0d585bf0640d5f97824ff7c2e3a7f745b04595eb844d3ec13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe

Filesize
184KB

MD5
4ebf76f0f5ddc5914c72bcc9feb5ee93

SHA1
e592523afef7c31779f6ec8deee853d6eeb2fb2d

SHA256
21ee7bda8dd6cfec34827838ef8589a7110570012d8cf5735032fd29b4adff08

SHA512
e11ee8122071937fa84d55e6dc87abd1e89b59200d14be0ec0639cd1a0e7f8a5b5df17d1508d00a4588056b3fa77a919f21c36d879528e577aa069b45ee77c0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe

Filesize
184KB

MD5
46364553306b7051801dddc86e66c99e

SHA1
c2fd3a20982f96f1ea22697016447832acedd4bc

SHA256
d3e00da69d6c4e4d8aa8e125b773514699da88ad473ab2383b9446b926bb3d8f

SHA512
fe24ecced97d8081d6ad3dcb7068a0985bed313cd163d26a975a555a4ed368c745504571404807931979fe035d173bde7a162ca4a046a56e9f57cbd4c170a65c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55296.exe

Filesize
184KB

MD5
18a489157ef02f0aba76fb081550c9fb

SHA1
52a4c4c504ae9726291f5d80764a0fca59576273

SHA256
87f85cde0838d9382b0f940ebf777ecedd21d7dd968f9e90f31ad62d31a0eab8

SHA512
0ae964c2cce7ca7ef60deca51b87776ed57b0f077b92876f2fcb284277fad5469d5ada3841d32eb5974ba12642f13e72a7c73ee8a4a1719086ea38854e4c5579

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55955.exe

Filesize
184KB

MD5
7dc569211837de44b22b3a585e76292f

SHA1
2100afd2b59304e1ecd81342608322fa2da2bb5d

SHA256
b536eff5d8407b83f1101aa72299658723ca78e5762b0a34542eaee66ffbd2b8

SHA512
1244d2e9ef247c87cc02e9e6d7e5640935a871efd23c8febb5509ea186732753c6f04175ae13824383f044fddac5b1840fc8772d79a9f736b8bf39654588ed47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe

Filesize
184KB

MD5
ee8756e69aed274245bd731db11d069f

SHA1
186c91939d6a4862a9a6c1024cceb72f9d6f31da

SHA256
ba8fcf81f4fdde0b3deb5ed086f69696065eec050cf0fdf5a75fe8d6738b7cce

SHA512
9946bf86b01a5abe6e8d1642ca3038a247a34601c9497f66f85ac84cd5883a484ea3330f9a1977bdefc9f355799d28da2a1a8ab8ecf20f808a70b24fdfd84c8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe

Filesize
184KB

MD5
3f786e3a183b10e9387112753fd1869f

SHA1
4b1f6c0d29bdacfbb8413a7b6ee0f30a6b6b1fb6

SHA256
ddd5a36deee52e5cc459b0c46cea447238b92a7fabb2fc9719384f31c51414e6

SHA512
96ac289e52b744883cdbb5ec730d198bbe0b218365db5307b726d44d6eefc4b47f171f28e87d1e3b73a94c2295565f26053a0993308f510f6c2ee13db2e4d6ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64875.exe

Filesize
184KB

MD5
6ee513b3ffc6b72fd94c96d734ed5696

SHA1
39a68bc92b85ed35d5270aecf65ede13467e8703

SHA256
f79892f2af25f98c3883e2c3def207356ecac5e7104b93774bd6820c9cf14ddc

SHA512
531313aafcf362b1eec52e08a97559301c48050ca217c18ee4290b14199659419640f48a713af92d23822ad6726de55f5a877c76d82bf79c4a71ad9589012a6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe

Filesize
184KB

MD5
0e34f7dd95956250ac1146fc19481e6c

SHA1
7661dc072f4b6e139f013672b0bd546bf38ce818

SHA256
79b75a51d7e93d8df8d4ab668ee8864ce3458e563ac6303550a7452a05a94208

SHA512
eb26fe616d8d6c2f3edaa0e8a8d576a6e6fa0f3bed57e2f8f2f09906ea6e348584925bc44f827d75d770250b27cdd428cc57affd4b6860c392f9e7ecb747affd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe

Filesize
184KB

MD5
83e6c7b5addbd70355e39c7451e8e6f9

SHA1
97c2db971b1ae01197c89adbac23f296b0b0885d

SHA256
10ba8c849006773f640c09b812da0830d567b98612553c9809df18db81001169

SHA512
6c97653227c0216524d2fd042f348282f89c40ecf8e1faa5ee5e544e2fb856cad7b63ace03d51d06cf3d1bbf9a9c7e0ddd835fcf4587a336491879062a1ccb55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe

Filesize
184KB

MD5
e86f948f664928e1e428627942da8932

SHA1
652f55b2ae612724a09cca5ded4072f89ad110e3

SHA256
921b458739d19c52edd168937c8c3f5015f60d4cd35aa3e51a560928e7a74e3b

SHA512
e376a113fc984062cba9ea88066e99f30dd2d102ad62fe13ae6b475fa93375b35c77628b031dafc7a9ee04844d28b52a938e542e29486355faad5712a42a43db

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads