e7a8b98418cb6b3cb12d56731d6058b7b08ca39339d76c7e1ef02d9ca76f267e

Analysis

max time kernel
149s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe
Size

184KB
MD5

1e9aa969bc291f841a98e0614a39aec0
SHA1

f0c1fb6edb3a5d645ac445c19e2873a9574ed58f
SHA256

e7a8b98418cb6b3cb12d56731d6058b7b08ca39339d76c7e1ef02d9ca76f267e
SHA512

5e41e9bf3014bda54b28b25e0fd90be071ff5b4a23e926d849277d846d0c7d40b63aa73a07b5dbcee1701bc23a34784157be3864c8d53db02248b4fdf2430a9f
SSDEEP

3072:o2d6Bko4LXzbFOptW8nCCNIYlvnqnviuS:o2NoyBOp1CyIYlPqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1300	Unicorn-56115.exe
3204	Unicorn-16199.exe
2360	Unicorn-35227.exe
4612	Unicorn-39717.exe
4264	Unicorn-42409.exe
1008	Unicorn-7712.exe
1052	Unicorn-8772.exe
4844	Unicorn-11465.exe
532	Unicorn-18010.exe
740	Unicorn-47759.exe
3076	Unicorn-51751.exe
3092	Unicorn-7438.exe
5076	Unicorn-42405.exe
444	Unicorn-31776.exe
3312	Unicorn-17901.exe
832	Unicorn-36951.exe
4492	Unicorn-10308.exe
1636	Unicorn-4178.exe
1780	Unicorn-15461.exe
4240	Unicorn-32602.exe
4420	Unicorn-58747.exe
4136	Unicorn-47812.exe
2996	Unicorn-749.exe
4964	Unicorn-44844.exe
2024	Unicorn-9478.exe
3616	Unicorn-53012.exe
836	Unicorn-9286.exe
3924	Unicorn-42051.exe
3480	Unicorn-14823.exe
5040	Unicorn-35336.exe
4528	Unicorn-9670.exe
2324	Unicorn-31160.exe
3900	Unicorn-31160.exe
4484	Unicorn-48565.exe
912	Unicorn-58414.exe
3440	Unicorn-54703.exe
512	Unicorn-32037.exe
3496	Unicorn-12171.exe
2764	Unicorn-42343.exe
448	Unicorn-42343.exe
3040	Unicorn-22477.exe
408	Unicorn-63832.exe
4824	Unicorn-18393.exe
3096	Unicorn-32128.exe
3436	Unicorn-17652.exe
2536	Unicorn-54678.exe
4388	Unicorn-53509.exe
1272	Unicorn-55555.exe
2508	Unicorn-58248.exe
1344	Unicorn-10438.exe
1072	Unicorn-25797.exe
2972	Unicorn-16469.exe
1692	Unicorn-1756.exe
4740	Unicorn-8300.exe
4428	Unicorn-48575.exe
5116	Unicorn-39603.exe
4784	Unicorn-7293.exe
4880	Unicorn-5669.exe
3128	Unicorn-10557.exe
4340	Unicorn-27058.exe
1000	Unicorn-46209.exe
3512	Unicorn-55446.exe
824	Unicorn-60407.exe
1660	Unicorn-44071.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
2972	2360	WerFault.exe	93
8636	5456	WerFault.exe	225
11948	11292	WerFault.exe	526
15452	14204	WerFault.exe	763
15444	3620	WerFault.exe	759
5584	16420	WerFault.exe	816
17488	16668	WerFault.exe	873
4700	17616	WerFault.exe	1029

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 44 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 50,1329 10,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	18424	dwm.exe
Token: SeChangeNotifyPrivilege	18424	dwm.exe
Token: 33	18424	dwm.exe
Token: SeIncBasePriorityPrivilege	18424	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
452	1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe
1300	Unicorn-56115.exe
3204	Unicorn-16199.exe
4612	Unicorn-39717.exe
4264	Unicorn-42409.exe
1008	Unicorn-7712.exe
1052	Unicorn-8772.exe
4844	Unicorn-11465.exe
532	Unicorn-18010.exe
740	Unicorn-47759.exe
3092	Unicorn-7438.exe
3076	Unicorn-51751.exe
5076	Unicorn-42405.exe
444	Unicorn-31776.exe
4136	Unicorn-47812.exe
1636	Unicorn-4178.exe
4420	Unicorn-58747.exe
1780	Unicorn-15461.exe
3312	Unicorn-17901.exe
832	Unicorn-36951.exe
4240	Unicorn-32602.exe
4492	Unicorn-10308.exe
2996	Unicorn-749.exe
4964	Unicorn-44844.exe
2024	Unicorn-9478.exe
3616	Unicorn-53012.exe
836	Unicorn-9286.exe
3924	Unicorn-42051.exe
3480	Unicorn-14823.exe
5040	Unicorn-35336.exe
4528	Unicorn-9670.exe
3900	Unicorn-31160.exe
2324	Unicorn-31160.exe
4484	Unicorn-48565.exe
512	Unicorn-32037.exe
912	Unicorn-58414.exe
3440	Unicorn-54703.exe
3496	Unicorn-12171.exe
3040	Unicorn-22477.exe
2764	Unicorn-42343.exe
408	Unicorn-63832.exe
3436	Unicorn-17652.exe
448	Unicorn-42343.exe
3096	Unicorn-32128.exe
4824	Unicorn-18393.exe
2536	Unicorn-54678.exe
4388	Unicorn-53509.exe
1272	Unicorn-55555.exe
2508	Unicorn-58248.exe
1344	Unicorn-10438.exe
1072	Unicorn-25797.exe
2972	Unicorn-16469.exe
4740	Unicorn-8300.exe
1692	Unicorn-1756.exe
4428	Unicorn-48575.exe
5116	Unicorn-39603.exe
4784	Unicorn-7293.exe
4880	Unicorn-5669.exe
3128	Unicorn-10557.exe
4340	Unicorn-27058.exe
824	Unicorn-60407.exe
1000	Unicorn-46209.exe
3512	Unicorn-55446.exe
4872	Unicorn-20121.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 1300	452	1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe	88
PID 452 wrote to memory of 1300	452	1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe	88
PID 452 wrote to memory of 1300	452	1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe	88
PID 1300 wrote to memory of 3204	1300	Unicorn-56115.exe	92
PID 1300 wrote to memory of 3204	1300	Unicorn-56115.exe	92
PID 1300 wrote to memory of 3204	1300	Unicorn-56115.exe	92
PID 452 wrote to memory of 2360	452	1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe	93
PID 452 wrote to memory of 2360	452	1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe	93
PID 452 wrote to memory of 2360	452	1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe	93
PID 3204 wrote to memory of 4612	3204	Unicorn-16199.exe	99
PID 3204 wrote to memory of 4612	3204	Unicorn-16199.exe	99
PID 3204 wrote to memory of 4612	3204	Unicorn-16199.exe	99
PID 1300 wrote to memory of 4264	1300	Unicorn-56115.exe	100
PID 1300 wrote to memory of 4264	1300	Unicorn-56115.exe	100
PID 1300 wrote to memory of 4264	1300	Unicorn-56115.exe	100
PID 452 wrote to memory of 1008	452	1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe	101
PID 452 wrote to memory of 1008	452	1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe	101
PID 452 wrote to memory of 1008	452	1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe	101
PID 4612 wrote to memory of 1052	4612	Unicorn-39717.exe	102
PID 4612 wrote to memory of 1052	4612	Unicorn-39717.exe	102
PID 4612 wrote to memory of 1052	4612	Unicorn-39717.exe	102
PID 3204 wrote to memory of 4844	3204	Unicorn-16199.exe	103
PID 3204 wrote to memory of 4844	3204	Unicorn-16199.exe	103
PID 3204 wrote to memory of 4844	3204	Unicorn-16199.exe	103
PID 4264 wrote to memory of 532	4264	Unicorn-42409.exe	104
PID 4264 wrote to memory of 532	4264	Unicorn-42409.exe	104
PID 4264 wrote to memory of 532	4264	Unicorn-42409.exe	104
PID 1300 wrote to memory of 740	1300	Unicorn-56115.exe	105
PID 1300 wrote to memory of 740	1300	Unicorn-56115.exe	105
PID 1300 wrote to memory of 740	1300	Unicorn-56115.exe	105
PID 1008 wrote to memory of 3076	1008	Unicorn-7712.exe	106
PID 1008 wrote to memory of 3076	1008	Unicorn-7712.exe	106
PID 1008 wrote to memory of 3076	1008	Unicorn-7712.exe	106
PID 452 wrote to memory of 3092	452	1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe	107
PID 452 wrote to memory of 3092	452	1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe	107
PID 452 wrote to memory of 3092	452	1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe	107
PID 1052 wrote to memory of 5076	1052	Unicorn-8772.exe	108
PID 1052 wrote to memory of 5076	1052	Unicorn-8772.exe	108
PID 1052 wrote to memory of 5076	1052	Unicorn-8772.exe	108
PID 4612 wrote to memory of 444	4612	Unicorn-39717.exe	109
PID 4612 wrote to memory of 444	4612	Unicorn-39717.exe	109
PID 4612 wrote to memory of 444	4612	Unicorn-39717.exe	109
PID 4844 wrote to memory of 3312	4844	Unicorn-11465.exe	110
PID 4844 wrote to memory of 3312	4844	Unicorn-11465.exe	110
PID 4844 wrote to memory of 3312	4844	Unicorn-11465.exe	110
PID 740 wrote to memory of 832	740	Unicorn-47759.exe	111
PID 740 wrote to memory of 832	740	Unicorn-47759.exe	111
PID 740 wrote to memory of 832	740	Unicorn-47759.exe	111
PID 532 wrote to memory of 4492	532	Unicorn-18010.exe	112
PID 532 wrote to memory of 4492	532	Unicorn-18010.exe	112
PID 532 wrote to memory of 4492	532	Unicorn-18010.exe	112
PID 3204 wrote to memory of 1636	3204	Unicorn-16199.exe	113
PID 3204 wrote to memory of 1636	3204	Unicorn-16199.exe	113
PID 3204 wrote to memory of 1636	3204	Unicorn-16199.exe	113
PID 3092 wrote to memory of 1780	3092	Unicorn-7438.exe	114
PID 3092 wrote to memory of 1780	3092	Unicorn-7438.exe	114
PID 3092 wrote to memory of 1780	3092	Unicorn-7438.exe	114
PID 1300 wrote to memory of 4240	1300	Unicorn-56115.exe	115
PID 1300 wrote to memory of 4240	1300	Unicorn-56115.exe	115
PID 1300 wrote to memory of 4240	1300	Unicorn-56115.exe	115
PID 452 wrote to memory of 4420	452	1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe	116
PID 452 wrote to memory of 4420	452	1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe	116
PID 452 wrote to memory of 4420	452	1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe	116
PID 4264 wrote to memory of 4136	4264	Unicorn-42409.exe	117

C:\Users\Admin\AppData\Local\Temp\1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1e9aa969bc291f841a98e0614a39aec0_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42405.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49800.exe
        9⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14854.exe
        10⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        11⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52636.exe
        11⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        11⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64826.exe
        11⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
        11⤵
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
        10⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        10⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        10⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        10⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe
        9⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
        10⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        10⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        10⤵
        
        PID:16704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe
        9⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9413.exe
        9⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62580.exe
        9⤵
        
        PID:16420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16420 -s 464
        10⤵
        Program crash
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3829.exe
        9⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36156.exe
        8⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe
        9⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
        10⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        10⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        10⤵
        
        PID:16928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
        10⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
        9⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47256.exe
        9⤵
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7280.exe
        9⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
        8⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
        9⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49725.exe
        9⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe
        9⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42330.exe
        8⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7669.exe
        8⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4309.exe
        8⤵
        
        PID:17644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2431.exe
        8⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
        9⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
        10⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64286.exe
        10⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55615.exe
        10⤵
        
        PID:17480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55816.exe
        9⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        9⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36404.exe
        9⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
        8⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        8⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        8⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9762.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7982.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        8⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
        9⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26569.exe
        9⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        9⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
        9⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50799.exe
        9⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        8⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55572.exe
        8⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4535.exe
        8⤵
        
        PID:14180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58086.exe
        8⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28438.exe
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16026.exe
        8⤵
        
        PID:18392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
        7⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
        7⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26437.exe
        7⤵
        
        PID:16624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41865.exe
        7⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23158.exe
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27107.exe
        9⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29959.exe
        10⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        10⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        10⤵
        
        PID:16984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        9⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        9⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        9⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        8⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
        9⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3518.exe
        9⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        9⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        8⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
        8⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        8⤵
        
        PID:15860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11709.exe
        8⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50054.exe
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        8⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
        9⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
        9⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        9⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        9⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43211.exe
        8⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        8⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        8⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54151.exe
        8⤵
        
        PID:17848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe
        7⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
        8⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
        8⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38821.exe
        8⤵
        
        PID:17088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58931.exe
        8⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
        7⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41664.exe
        7⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        7⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62478.exe
        7⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25797.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16936.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
        8⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44795.exe
        9⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        9⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        9⤵
        
        PID:16448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        9⤵
        
        PID:17616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17616 -s 276
        10⤵
        Program crash
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        8⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6563.exe
        8⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
        8⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        8⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        7⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
        8⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        8⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49009.exe
        8⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        7⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
        7⤵
        
        PID:13104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
        7⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35925.exe
        7⤵
        
        PID:17560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        8⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        8⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        8⤵
        
        PID:16948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49258.exe
        8⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        7⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
        7⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
        7⤵
        
        PID:17724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50115.exe
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24391.exe
        7⤵
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36014.exe
        7⤵
        
        PID:17460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        7⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
        6⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58730.exe
        6⤵
        
        PID:14248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        6⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        6⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9286.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16469.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        9⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        10⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
        10⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14343.exe
        10⤵
        
        PID:16828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        9⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28052.exe
        9⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        9⤵
        
        PID:15824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
        8⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
        9⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        9⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
        9⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
        9⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-154.exe
        8⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
        8⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
        8⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe
        8⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
        8⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe
        8⤵
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18427.exe
        8⤵
        
        PID:16916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
        8⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45323.exe
        7⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
        7⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
        7⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        7⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        7⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1756.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27818.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63679.exe
        8⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        8⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17959.exe
        8⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
        8⤵
        
        PID:18272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
        7⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        7⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        7⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
        7⤵
        
        PID:17680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe
        7⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7104.exe
        7⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
        8⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60280.exe
        8⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        7⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
        7⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35496.exe
        7⤵
        
        PID:116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        6⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
        6⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        6⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21413.exe
        6⤵
        
        PID:18212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42051.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
        8⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
        9⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        9⤵
        
        PID:16712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64255.exe
        8⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34925.exe
        8⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16887.exe
        8⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31141.exe
        8⤵
        
        PID:14204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14204 -s 180
        9⤵
        Program crash
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33221.exe
        8⤵
        
        PID:17892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        7⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
        7⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23130.exe
        7⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
        7⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
        8⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38899.exe
        8⤵
        
        PID:16820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        7⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        7⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48564.exe
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
        7⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36771.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        7⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        7⤵
        
        PID:17908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        7⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28018.exe
        6⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
        6⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40874.exe
        6⤵
        
        PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27818.exe
        6⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42133.exe
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        8⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        8⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
        8⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe
        8⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
        7⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        7⤵
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        7⤵
        
        PID:17616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41898.exe
        7⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57654.exe
        6⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
        6⤵
        
        PID:14764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
        6⤵
        
        PID:17688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58095.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        6⤵
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        6⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15118.exe
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
        5⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        5⤵
        
        PID:18108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17901.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63679.exe
        9⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
        9⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48604.exe
        9⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        9⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
        8⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        8⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        8⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        8⤵
        
        PID:18248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9026.exe
        8⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        8⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        8⤵
        
        PID:16120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
        8⤵
        
        PID:17412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
        7⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30898.exe
        7⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
        7⤵
        
        PID:15512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        7⤵
        
        PID:17564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
        8⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18510.exe
        8⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        8⤵
        
        PID:14908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        8⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31369.exe
        7⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5520.exe
        7⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52413.exe
        7⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        7⤵
        
        PID:18400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34555.exe
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58964.exe
        7⤵
        
        PID:18152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25662.exe
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63352.exe
        7⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46548.exe
        7⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
        7⤵
        
        PID:18312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
        6⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15548.exe
        6⤵
        
        PID:11476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16605.exe
        6⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
        6⤵
        
        PID:18384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36863.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48796.exe
        7⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34925.exe
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58043.exe
        7⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2999.exe
        6⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
        7⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        6⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        6⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
        6⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31460.exe
        6⤵
        
        PID:220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        6⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        7⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        7⤵
        
        PID:16940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42272.exe
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7570.exe
        6⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49009.exe
        6⤵
        
        PID:15452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34085.exe
        6⤵
        
        PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2341.exe
        5⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        5⤵
        
        PID:10388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        5⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40422.exe
        5⤵
        
        PID:18324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
        6⤵
        Executes dropped EXE
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        8⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
        8⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33140.exe
        8⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44887.exe
        8⤵
        
        PID:18368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15735.exe
        8⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
        8⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64223.exe
        8⤵
        
        PID:18252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        7⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
        7⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
        7⤵
        
        PID:17700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48879.exe
        7⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        7⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        7⤵
        
        PID:15660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        6⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
        6⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44887.exe
        6⤵
        
        PID:18352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9571.exe
        6⤵
        
        PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51725.exe
        5⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        6⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43809.exe
        7⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
        7⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49428.exe
        7⤵
        
        PID:16720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59756.exe
        7⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe
        6⤵
        
        PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48029.exe
        5⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44795.exe
        6⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26594.exe
        6⤵
        
        PID:15944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
        6⤵
        
        PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30550.exe
        5⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
        5⤵
        
        PID:15088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
        5⤵
        
        PID:18416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        5⤵
        
        PID:17984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23738.exe
        5⤵
        
        PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
        6⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
        7⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39589.exe
        7⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        7⤵
        
        PID:16836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe
        7⤵
        
        PID:18132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46833.exe
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6699.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
        6⤵
        
        PID:15924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
        6⤵
        
        PID:18032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5679.exe
        6⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51846.exe
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
        6⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        6⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64826.exe
        6⤵
        
        PID:18396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5149.exe
        6⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        5⤵
        
        PID:9456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-748.exe
        5⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46044.exe
        5⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe
        5⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
        5⤵
        
        PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
      4⤵
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24759.exe
        6⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55350.exe
        6⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
        6⤵
        
        PID:16400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29030.exe
        6⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49163.exe
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61437.exe
        5⤵
        
        PID:12524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        5⤵
        
        PID:16088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58964.exe
        5⤵
        
        PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe
      4⤵
      PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21059.exe
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        5⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        5⤵
        
        PID:16956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
      4⤵
      PID:9004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39062.exe
      4⤵
      PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54038.exe
      4⤵
      PID:13832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
      4⤵
      PID:16784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18010.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36051.exe
        8⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
        8⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        8⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
        7⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        7⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50365.exe
        7⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62571.exe
        7⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        7⤵
        
        PID:18248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27281.exe
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        7⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18427.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
        7⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11006.exe
        6⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10888.exe
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
        6⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
        6⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22477.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
        6⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38207.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10996.exe
        8⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        9⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        9⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43206.exe
        9⤵
        
        PID:17096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        8⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        8⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18427.exe
        8⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45990.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45485.exe
        7⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        7⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12366.exe
        7⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
        7⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        7⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe
        6⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        7⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43694.exe
        7⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64223.exe
        7⤵
        
        PID:18392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        7⤵
        
        PID:18120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47936.exe
        7⤵
        
        PID:18060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        6⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
        6⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-307.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
        6⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        7⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        7⤵
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39964.exe
        7⤵
        
        PID:17792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27861.exe
        6⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40139.exe
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        6⤵
        
        PID:13328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        6⤵
        
        PID:18260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25005.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        6⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
        6⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        6⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        6⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9523.exe
        5⤵
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
        5⤵
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54620.exe
        5⤵
        
        PID:17548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe
        5⤵
        
        PID:17556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16034.exe
        5⤵
        
        PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14823.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        7⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        8⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        8⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49153.exe
        8⤵
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
        8⤵
        
        PID:17712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
        7⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        7⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        7⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
        7⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5442.exe
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
        8⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27337.exe
        8⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        8⤵
        
        PID:16772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52828.exe
        7⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
        7⤵
        
        PID:18376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55245.exe
        6⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58885.exe
        6⤵
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
        6⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
        6⤵
        
        PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7293.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
        8⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47151.exe
        8⤵
        
        PID:17384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48796.exe
        7⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        7⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34572.exe
        7⤵
        
        PID:16680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
        7⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1038.exe
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54572.exe
        7⤵
        
        PID:18340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        6⤵
        
        PID:10792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
        6⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        6⤵
        
        PID:17716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        6⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        6⤵
        
        PID:12760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42164.exe
        6⤵
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
        6⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11006.exe
        5⤵
        
        PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5927.exe
        5⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
        5⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
        5⤵
        
        PID:18360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48564.exe
        5⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31268.exe
        5⤵
        
        PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        7⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34925.exe
        7⤵
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
        7⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
        6⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        6⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
        6⤵
        
        PID:17676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
        5⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        6⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
        7⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        7⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        6⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        6⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        6⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
        5⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
        6⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        6⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        6⤵
        
        PID:16672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
        6⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9465.exe
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        5⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        5⤵
        
        PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51253.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48879.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        6⤵
        
        PID:15872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        6⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
        6⤵
        
        PID:712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47322.exe
        5⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17388.exe
        5⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
        5⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11838.exe
        5⤵
        
        PID:18096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
        5⤵
        
        PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
      4⤵
      PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
        5⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
        6⤵
        
        PID:9428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        6⤵
        
        PID:13520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        6⤵
        
        PID:17240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        6⤵
        
        PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
        5⤵
        
        PID:10692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
        5⤵
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
        5⤵
        
        PID:18024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
        5⤵
        
        PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58276.exe
      4⤵
      PID:7188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
      4⤵
      PID:9928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37199.exe
      4⤵
      PID:14240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44879.exe
      4⤵
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53366.exe
      4⤵
      PID:7928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        7⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        8⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        8⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        8⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31090.exe
        7⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43029.exe
        7⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28487.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
        7⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
        6⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 628
        7⤵
        Program crash
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        6⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        6⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11292 -s 212
        7⤵
        Program crash
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
        6⤵
        
        PID:13804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        6⤵
        
        PID:16592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
        5⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
        7⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        7⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64826.exe
        7⤵
        
        PID:18020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
        6⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4643.exe
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52413.exe
        6⤵
        
        PID:15272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        6⤵
        
        PID:18284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
        5⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
        6⤵
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        6⤵
        
        PID:16152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5149.exe
        6⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37338.exe
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        5⤵
        
        PID:14188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29089.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
        5⤵
        
        PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12171.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        6⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57789.exe
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        6⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52766.exe
        6⤵
        
        PID:17572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
        5⤵
        
        PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30898.exe
        5⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
        5⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        5⤵
        
        PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59540.exe
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        5⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        6⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
        5⤵
        
        PID:10800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
        5⤵
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32481.exe
        5⤵
        
        PID:17448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2341.exe
      4⤵
      PID:7672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
      4⤵
      PID:12196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
      4⤵
      PID:15060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
      4⤵
      PID:5892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32602.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42343.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
        5⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        6⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        7⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        7⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        7⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
        6⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        6⤵
        
        PID:732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40108.exe
        6⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3413.exe
        5⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42330.exe
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7669.exe
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4309.exe
        5⤵
        
        PID:17668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-254.exe
        5⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14343.exe
        5⤵
        
        PID:16444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11006.exe
      4⤵
      PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10888.exe
      4⤵
      PID:11212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
      4⤵
      PID:15132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
      4⤵
      PID:18408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
      4⤵
      PID:17996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17652.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16744.exe
      4⤵
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        6⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
        6⤵
        
        PID:17736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30789.exe
        5⤵
        
        PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        5⤵
        
        PID:17020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
      4⤵
      PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
        5⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48604.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        5⤵
        
        PID:18220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
      4⤵
      PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40934.exe
      4⤵
      PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
      4⤵
      PID:14948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
      4⤵
      PID:4040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe
    3⤵
    PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63095.exe
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63352.exe
        5⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        5⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        5⤵
        
        PID:16744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23623.exe
        5⤵
        
        PID:18032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52174.exe
      4⤵
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
      4⤵
      PID:11592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
      4⤵
      PID:15908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
    3⤵
    PID:7008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
      4⤵
      PID:9464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
      4⤵
      PID:13500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
      4⤵
      PID:17232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
      4⤵
      PID:7788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
    3⤵
    PID:8560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
    3⤵
    PID:12352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
    3⤵
    PID:15748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
    3⤵
    PID:5808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 224
    3⤵
    - Program crash
    PID:2972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51751.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44844.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54678.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
        6⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe
        7⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49839.exe
        8⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
        8⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        8⤵
        
        PID:16864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
        7⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32245.exe
        7⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48604.exe
        7⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        7⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
        7⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        7⤵
        
        PID:17256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        7⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40310.exe
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57043.exe
        6⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
        6⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        7⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
        7⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        7⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1065.exe
        7⤵
        
        PID:17776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17913.exe
        6⤵
        
        PID:9664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
        6⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        6⤵
        
        PID:16652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        5⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
        6⤵
        
        PID:16968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
        5⤵
        
        PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43857.exe
        5⤵
        
        PID:13980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        5⤵
        
        PID:17820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
        7⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
        7⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12562.exe
        7⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58931.exe
        7⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        6⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        6⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
        6⤵
        
        PID:16668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16668 -s 468
        7⤵
        Program crash
        
        PID:17488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
        5⤵
        
        PID:7204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        5⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        5⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
        5⤵
        
        PID:17652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
        5⤵
        
        PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36406.exe
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43059.exe
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
        6⤵
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        6⤵
        
        PID:13976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
        6⤵
        
        PID:18084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6073.exe
        6⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64317.exe
        5⤵
        
        PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        5⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe
        5⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
        5⤵
        
        PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51677.exe
      4⤵
      PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3653.exe
        5⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        5⤵
        
        PID:13348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        5⤵
        
        PID:17076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
      4⤵
      PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14215.exe
      4⤵
      PID:12888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36042.exe
      4⤵
      PID:16344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
      4⤵
      PID:5796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42343.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56855.exe
        6⤵
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58365.exe
        6⤵
        
        PID:12440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        6⤵
        
        PID:16480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5141.exe
        5⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        5⤵
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
        5⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
        5⤵
        
        PID:18196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15631.exe
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57597.exe
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        6⤵
        
        PID:11344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35854.exe
        6⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
        6⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52174.exe
        5⤵
        
        PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
        5⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
        5⤵
        
        PID:17628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53030.exe
        5⤵
        
        PID:18424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        5⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        5⤵
        
        PID:12208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        5⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
        5⤵
        
        PID:8116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
      4⤵
      PID:9076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60063.exe
      4⤵
      PID:11392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
      4⤵
      PID:15960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32128.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39302.exe
      4⤵
      PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15649.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33830.exe
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe
        6⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46548.exe
        6⤵
        
        PID:15160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
        6⤵
        
        PID:18304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        5⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38273.exe
        5⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
        5⤵
        
        PID:16736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        5⤵
        
        PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60526.exe
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
        5⤵
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe
        5⤵
        
        PID:18064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
      4⤵
      PID:9060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
      4⤵
      PID:13632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
      4⤵
      PID:17388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
      4⤵
      PID:1712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
    3⤵
    PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        5⤵
        
        PID:12768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18427.exe
        5⤵
        
        PID:392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
      4⤵
      PID:9688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36627.exe
      4⤵
      PID:11984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57804.exe
      4⤵
      PID:16644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34901.exe
      4⤵
      PID:17572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
    3⤵
    PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
      4⤵
      PID:9648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
      4⤵
      PID:13680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38821.exe
      4⤵
      PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
      4⤵
      PID:6672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55894.exe
    3⤵
    PID:8416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
    3⤵
    PID:12320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7947.exe
    3⤵
    PID:15740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
    3⤵
    PID:7888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63832.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
        5⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46375.exe
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        7⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        7⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        7⤵
        
        PID:16464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
        7⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26757.exe
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        6⤵
        
        PID:13988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        6⤵
        
        PID:17988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41865.exe
        6⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
        6⤵
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        6⤵
        
        PID:17248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        6⤵
        
        PID:17928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        5⤵
        
        PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
        5⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
        5⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
        5⤵
        
        PID:17560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        5⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
        5⤵
        
        PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
      4⤵
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19733.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40794.exe
        6⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe
        6⤵
        
        PID:16616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58495.exe
        6⤵
        
        PID:18152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36627.exe
        5⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57804.exe
        5⤵
        
        PID:16628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        5⤵
        
        PID:14568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26615.exe
        5⤵
        
        PID:17436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26607.exe
        5⤵
        
        PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe
      4⤵
      PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
      4⤵
      PID:12312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63686.exe
      4⤵
      PID:16756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13370.exe
      4⤵
      PID:6264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18393.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34149.exe
      4⤵
      PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15649.exe
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        6⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe
        6⤵
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
        6⤵
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        5⤵
        
        PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34904.exe
        5⤵
        
        PID:11668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        5⤵
        
        PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
        5⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
        5⤵
        
        PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60526.exe
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
        5⤵
        
        PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        5⤵
        
        PID:13720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49009.exe
        5⤵
        
        PID:464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe
      4⤵
      PID:8396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
      4⤵
      PID:12448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
      4⤵
      PID:15700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36406.exe
      4⤵
      PID:5776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4391.exe
    3⤵
    PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36645.exe
      4⤵
      PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27281.exe
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        5⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        5⤵
        
        PID:16848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
        5⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25917.exe
        5⤵
        
        PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
      4⤵
      PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
      4⤵
      PID:10724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
      4⤵
      PID:15812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
    3⤵
    PID:7000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
      4⤵
      PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
      4⤵
      PID:11952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
      4⤵
      PID:4452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62891.exe
    3⤵
    PID:1056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
    3⤵
    PID:12392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
    3⤵
    PID:15728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
    3⤵
    PID:7516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
        6⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        6⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        6⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        6⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4727.exe
        5⤵
        
        PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        5⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        5⤵
        
        PID:18192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
      4⤵
      PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58095.exe
        5⤵
        
        PID:8644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe
        5⤵
        
        PID:15204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        5⤵
        
        PID:18148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
      4⤵
      PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30898.exe
      4⤵
      PID:12052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
      4⤵
      PID:15520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
      4⤵
      PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
      4⤵
      PID:4400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44054.exe
    3⤵
    PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
      4⤵
      PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        5⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        5⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42164.exe
        5⤵
        
        PID:16572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
        5⤵
        
        PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
      4⤵
      PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
      4⤵
      PID:9900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
      4⤵
      PID:15804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
    3⤵
    PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
      4⤵
      PID:10852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31141.exe
      4⤵
      PID:3620
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 212
        5⤵
        Program crash
        
        PID:15444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
      4⤵
      PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
      4⤵
      PID:3628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28272.exe
    3⤵
    PID:9312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17077.exe
    3⤵
    PID:13096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
    3⤵
    PID:15868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6956.exe
    3⤵
    PID:3316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44350.exe
    3⤵
    PID:14816
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
    3⤵
    PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
        5⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
        5⤵
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48604.exe
        5⤵
        
        PID:14892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49822.exe
        5⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        5⤵
        
        PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10949.exe
      4⤵
      PID:7812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65411.exe
      4⤵
      PID:11460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41806.exe
      4⤵
      PID:15256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
      4⤵
      PID:18240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
    3⤵
    PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
      4⤵
      PID:9572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64286.exe
      4⤵
      PID:13812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55615.exe
      4⤵
      PID:17472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
    3⤵
    PID:6736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
    3⤵
    PID:11728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
    3⤵
    PID:14960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
    3⤵
    PID:17712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
    3⤵
    PID:6276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2121.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2121.exe
  2⤵
  PID:5236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14086.exe
    3⤵
    PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3653.exe
      4⤵
      PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
      4⤵
      PID:13388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
      4⤵
      PID:17064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
      4⤵
      PID:1500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50228.exe
    3⤵
    PID:7176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
    3⤵
    PID:11740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
    3⤵
    PID:15012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
    3⤵
    PID:3996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49822.exe
    3⤵
    PID:5952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
    3⤵
    PID:7428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6413.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6413.exe
  2⤵
  PID:6900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
    3⤵
    PID:7880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58365.exe
    3⤵
    PID:12412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31747.exe
    3⤵
    PID:15776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
    3⤵
    PID:5360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
    3⤵
    PID:6968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10406.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10406.exe
  2⤵
  PID:8988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
  2⤵
  PID:11924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
  2⤵
  PID:15888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14174.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14174.exe
  2⤵
  PID:2512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2360 -ip 2360
1⤵
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 5456 -ip 5456
1⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 11292 -ip 11292
1⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3620 -ip 3620
1⤵
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 14204 -ip 14204
1⤵
PID:15408

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
PID:18128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 16668 -ip 16668
1⤵
PID:3208

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 464 -p 18128 -ip 18128
1⤵
PID:18148

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 17616 -ip 17616
1⤵
PID:6612

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:18424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe

Filesize
184KB

MD5
6b3cc23167195cb92df24a1f57573adc

SHA1
9e92857a7ed5ac247f19d97c092f963b8a77c66b

SHA256
3fa4abc71a790fd157e56dd906dece01bf3b11d75a8e53b69cd57eb6ed81e446

SHA512
486ac7fb76c700f9bf9824f9f5e7c691e4e5af56de5fd5b28a64e42f4783bf657eab26acc1fc79927f482973499b97d0fef4e01efe029fa7d7c4fb0816f62fd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe

Filesize
184KB

MD5
2f649b7f25f8182a01fb7fe5609b2f6b

SHA1
0f7c477f9305e6d5604768c1f9aecf1093095df7

SHA256
454cb04cb56fc4a745a1df24ac2447c491d92b95597e15add0aee7beea1939d1

SHA512
9b78ad5479d6cf7f61a18914bdb8f7c5db7763179d71f9f9e6de4d72fa29a390213f85d83c79b73d5b088e78b23b5ed8d189a2882ab949c82351770d3c27b8cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14823.exe

Filesize
184KB

MD5
b42ba5feae265aed0defb71ef20fa359

SHA1
b6409c6abfc37162d181f5283e91bba8b2dc1438

SHA256
00b083887569b5c5c3e663b4c5ffcd3c2c23242d45a429dd966066b7f75ef96a

SHA512
9488799654948b4f94bd2e98442df798dcaea98ebb4bd5ed6987ec7db1e936d357909172253ddce5dbfc96a5ffdc9fb0e758edab216f1f1a394d06a0c5be98e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe

Filesize
184KB

MD5
3c300a79640c60d55c53638871932404

SHA1
a332ef3edd27ea5502cfcc4890cfa0cd432392be

SHA256
78112e72f9ef6b9056cf50c75b2dfbf62238fa027177aebbe4a805d924d0d184

SHA512
156ca26fe6d4593aba2e74e35714e8b2811d95fc03e9cf8cdc8713ab5cf724b5edcf3dbbe97704ab2011325e566f8d05f986b519d51b124dd17ba189d23ef6fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe

Filesize
184KB

MD5
9b046989edc905cb3497e2e934956fce

SHA1
9e1cf9b9fc5ffc06477b12d4a7cb4d5a7013e5c5

SHA256
2f7d9006c7b012007b32164ba79a44746de56a1836acc5457a0e4581c3a3e998

SHA512
4b97da7815f910a42ef502a4e3c5c156c9f474638a685f80c3f18e91050c4e76850dc55afc9e3fcf4273f8e0031fe8477bab022f94a0fa34f5d6b52b340544a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17901.exe

Filesize
184KB

MD5
78ba021d85d624384e0891e7660b9618

SHA1
fb612cd4b3d5067c89548df15677c42c376669ef

SHA256
adb92d5b6f88a5aa9110226aa26188f466454636f3618634bea93272e25aa18f

SHA512
06fc0bb9afa417e31b9a51f561b784762bf24727e92f860c6fa7763b09763796ae42d0237a4ffa87a1c335ee3547fadbf39caac5dc6adb7e868a331164e0fb1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18010.exe

Filesize
184KB

MD5
7ed7239c0623c7fc683ff5d13a25ae16

SHA1
69baa4c7e13d949527e9a43f07f1434eb8f4360f

SHA256
e3122a0fbfdf871b349df51f3e0503d1b786c0813f10817d330fa1f8cac40f5d

SHA512
59e73f63ee49031eafb749bae5bce796ddd2eda43f9a39afadca7c927a605616d073efa6f3e9426c06b1d5bc83072b0b5632f1901041dfbe849cf74d61e1db5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe

Filesize
184KB

MD5
ffcd3de0a3102d31f2b6c24738f472f1

SHA1
1ac50b22ea478e44fb3b3f78245bcd108962e85d

SHA256
69b39a7654ac4dfb45c25a28318d590c1be6cf6a8277468ac3693ad6a4973523

SHA512
dec8e64d0db126e40914a8da3036017bb5037c751e1a82d960ab32fb26a75ae43ff1be728cbe75beb7fde14772b951c536e5ab82ca6a43f745756d5d12b5cb90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe

Filesize
184KB

MD5
82c8f5b3a0a1206d4074ce363c5c6036

SHA1
c85a8f159e090ea43b5c48b41b5e571924796a20

SHA256
d5eb2927b5310bb79e9e703b4839de53532f2de99a4ccbc1898a221e8e36b7a5

SHA512
db77620627991e1b83a14a3c49f71db340a8b99925cad1dd8547aeef7955c14b6cbb9ee64372461720341d4a78cb22accca15c5bf93da17d5229c34ce21d23c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exe

Filesize
184KB

MD5
ea73104842289e2850e3f54491eda7d5

SHA1
d4899c6f4c5dd8b95e6819092fe258da757d1bf1

SHA256
ad333ddaa754e977315007d77023a0bb757f7131e4bcb608629946e2dba37686

SHA512
7d9c1b00727e66539aef3c22c752800464fc46141bc7e8e80ec5e01397aa8083e1ddf8a185dfc09addd7d74e482de643fcd72f78155857144a700a0ba0a95335

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe

Filesize
184KB

MD5
dce07a6f023ff7867b566bffa9b5485d

SHA1
2e15e1296a2d4e1d2bffc993491e3df8c5227381

SHA256
63b0dda6c65367dc11f089c88a5a40b40e9255a4c05c0a8867407d9d0b2e859c

SHA512
e1828596ad8028b54c326d935c037384c3a4b02211f12380b49197a7a6eb65a5eb1441475c8ff7d2f53f8c70f520d2c052acf1f45c17ed9b93e46e0350b6dca3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32602.exe

Filesize
184KB

MD5
bce30e66e9ae3a574fcda68a38d5de7e

SHA1
cfd451a7ad228061515b1eeed9ef528389f6c934

SHA256
0d0387bd3317fb6173ab4913499c808c64a4153d0e60ba90074ef4d1ca48e76a

SHA512
85dc51675196238621e499655612a82fa95f048399672766546956fe68175f287f5fbf62f63eaa820a63d9c970e83238f9e17c896827c1bd5f4bec153b0554e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe

Filesize
184KB

MD5
3b49659a9eb3cd1708ea731d9d8b1690

SHA1
c6f02903303589b8926858de819fba9713f68e88

SHA256
998b2b3630567f50ef8f5aa398c693e26152b189a9c3926996fa52dfdb2b697e

SHA512
442e1850e02e6d3823a4d566616a997ea97f4a9a69982cf25e50be76737cb396d46202e19e639bc134b0e7de0a14cb2801d20a62133306712e2a8a209aa821c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe

Filesize
184KB

MD5
fe6cb148ba5082d694d97e1714f98608

SHA1
4031ad4b0d6311e67969d064251bc78fb96a4acb

SHA256
5f8156fcfcd913cfc7938d013c71a4154ef9e5e2cfb4bbcc84cc202801110b86

SHA512
05724cb9ea7fcde8e9ef2e4d1e0eac6901e74a9bfa76a23f1d4b10e124febdfeda67ff72e1758708c9fcfaece9abb909c520fbdbd42693adcafd0a913e741012

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe

Filesize
184KB

MD5
03684b30f57f20d0034482d3f471f317

SHA1
ed501c5535e27768316f0752dd9038334875ef01

SHA256
66d87ac26bb213da3534e1423d9dbf51cd5496ca2da4c9fa8a1b8f06c13471d1

SHA512
d279c28285136d4319029d0335458534732ca8545f64e8ee63f53de724f6592b2e14222322d219685e975ab731f2e4219e1d5d60d89afad493587a58f0d22699

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39589.exe

Filesize
184KB

MD5
e908e959ae0ddb690e3760a0ca173c6b

SHA1
a68fad5b1c27632ad42ba04d2c08a629330e4e62

SHA256
e8306038a8c173f4b9ea0a67c63d4ea247bc04527ea8ecc6f749bd8bc36b4adb

SHA512
a4e33511e7b86fbfcaa36357c644687ac5db844adb7b56ae43817ecbc7e69cca48472d0ba1830bf05abe800983508b7ad025c33156cd5b9a3e6a54c87ee877e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe

Filesize
184KB

MD5
aa899aef0b05546f7562503facb024bc

SHA1
e52acbb66f2a13b29180a671525c99faa404f995

SHA256
b333d92fa714d6bb339cf6e0097645e18be9f28897389102986ec9e5c98d06d5

SHA512
f84a4ccf8cd34153060744abf5a3458c1b7565bcf97fd151afc0bd8f08f1fe388119bf1c51e5648775ccc53f6322e7c70c82c9bacad409083499e91670561041

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe

Filesize
184KB

MD5
3bcc9ff64a9ae48bf0621544c3546fcb

SHA1
3909b6139b818ccaae6795b4fb4024ee98f901eb

SHA256
ea6877f3bc3e878cc27c65dddd3959ba4730444672a798a503d1077230f7257f

SHA512
f7d0c39b57bff17b7ac88eee408751b3537b7ab8f6d0dbef10063c5e9b4265ce8298567d98ad1a81105d2dec00ed4dbd69e3bdcaf5e335997258aff5a9d99637

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42051.exe

Filesize
184KB

MD5
d1886e21187b4a7172ecd23e2808ea56

SHA1
058fe2ac2e832462f1f2c8e94e852f5578aca0af

SHA256
1000608338dac921030950f66c159b7377188bf76bff1aeb13f1bfcd34e1a62a

SHA512
dbacf729a13011d729d1b82f55cefd262d809b63babe66622977d93fdf90b7f5a70743fdaadaa93d51c8e19efc9b9f4d04ee1778d0307895c39cd4744f21a3cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42405.exe

Filesize
184KB

MD5
f08a6bb10a174c2f6dc299e28bf2b5fd

SHA1
1eab56db4a5a3615cf8c0f0947623198a8f97304

SHA256
c50d465e6962b3cdc864f6ebf92040bff053e41272e408754c16b78e89e6ad01

SHA512
6e98069716a1df60e0d9b1611e7ee060a8c4039e51ce8cc09c43d27129f93042139586e0b70cabf940916f71f2d97eb3b5eff1f6c0d1297fa937178e7a2606e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe

Filesize
184KB

MD5
5c041aa36bcdd2e86ea9335a252280f8

SHA1
e228710dccc022516fb6e42d1b2e10d01ddc695a

SHA256
ec494528c9377ab868173765bcb917116cd3212301c70827eaa6613aa9669ebe

SHA512
667ade9f61e0c42f60ce906a4a79eb1f23c950a29108a430672d73060426b7772cbb3020975f4bdcc1ebfc6225d621908d412c40cf1681fff52073a4926304bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44844.exe

Filesize
184KB

MD5
f6d7f0daae1ce1b3fc572daec69fc8c4

SHA1
656cde9b7718d8526937440ab4c8739435870955

SHA256
54d17c966f682b47f861835623358853c943f275045cb6bc15a2608050760829

SHA512
fe201d1aa0bc5d8234a478d12df70fe4dfeb5b0a465ea551175f8ea3664ca505fead94dc9b348ba8646bbefb845349fb5629554c1ddaa785508a2416d31f523b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe

Filesize
184KB

MD5
d4d5cae396d6e2dbd109f24225b08ed1

SHA1
4fd1f1161879330cc98aa90181994271de999a2a

SHA256
3e448ce1a5cfce6f7752cef072f7e32c57e47e0ba59c62c6ecce4a6ec64ffb6f

SHA512
14f5018d668f6e2156efadde7b7d6faf843409fbefca92bf09de7c253086816a03a7a5f8eee2015ef2b005c0abafbcd1a710e1c7d15aba44a4247ded404e5666

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe

Filesize
184KB

MD5
518f476db7a001f462a49f7bb808464e

SHA1
bd81bb10bf29247ce307a80a60c3143e05c494dd

SHA256
09f8db2627c2b19637f87bed7f064658f6fdcccf42c5093799a0fed095f74cc4

SHA512
d4c5d03b3113df1f299d2db5123ae2c8a1f8fb1c295b33f900930f4418975e044859d8fc55322e614232b6a765fa7a92c2c77618d330d685d7d501456ee237c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51751.exe

Filesize
184KB

MD5
1113b5cd06f71b28f6c2f8ac1cd3460c

SHA1
79fbfbde439b6f143dcd50ff36e7e00308447ffc

SHA256
149b77146cf6d55fe5a0784dfed73d1cf970fa4650993339d9026ff5067dce3c

SHA512
8eca3446f5d427c109fa2aae3c61201344ef0028da2947b6c4e15562b7b349fbd6249001ff60b0640028bf34b668f9543ef0f95477aa26e0144cf01cfc0ce08c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe

Filesize
184KB

MD5
3e9a292cba4f3814de1df60ebac38775

SHA1
fb7e911221aa41868ecd990ddb6d7b18ea0921ce

SHA256
6559adf5ad6a84781dfedf9e4bf0434bd770da5d7eb8a72458378139c357fabb

SHA512
0aa62db1a9da1b213197627ec7432a7a564e7e343fa5c3a11a8a8df7617498c536e7dbaf17d01a0358453d007bcb81ebd32f4fea6f4c2e26122aa393be486c18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe

Filesize
184KB

MD5
ee56470e04e6ca629279e04de837e09e

SHA1
688d1e1921773932140ba7692278e8a3c638020f

SHA256
182197b975b473cfb1041d34a75d61ab7e0ca68c39d920e0da8d2affbb020a97

SHA512
3aa2ed810d6bae8270e02b2ebcafaf87d93082b95bc6155d840ffc9195f78d10ba9c0bf191614010aee9d9c642c511ba08a78992bdc4a7f7fcd29d6c57bad502

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe

Filesize
184KB

MD5
6db706b7dd8db99ec51251be8feec046

SHA1
2cc3b379906c2c7ce710b84ffc0fe2545c7dd5e1

SHA256
ea6b0d2cd7b98a687c54dda4a0b11be952b3981d02089d9d6097fb819a271995

SHA512
ccf04f9ad1ff9cd820e9158fb04dd7070114462f29d55d024ed2211fab6a4b396580c218d8b88de5fa43c77e239567e19c0275b89684fb5ac1060d85dcf8f656

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe

Filesize
184KB

MD5
b0da777566650cf9afcbbca49b56d82c

SHA1
0eacedbdf08275328d28204aace5114e3fa5e2ab

SHA256
80cd2dff2969e61549b69098cc89e82b7f29d69916a804e763b9f5a5f7d03e8e

SHA512
1b79be3344a4ca32f1b5e22e21d7719b237a85f2c9c9fbb96f4f7562318227cef045694e9a2afb0aab3d2253398f0fdb308fe1e7e632a81ee368dc9be7200030

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe

Filesize
184KB

MD5
53239fdd4cc65b28b9730e863bf0ca70

SHA1
50ea6512ca3d355e49ac5fe9e0d087060461a034

SHA256
ea05a67046f987cd1e410d036c725802151ecc9e3a2662fbb1f40b1bdc32bf7f

SHA512
c5c34908f299c3eb1a7d8180eb131d768ef00405b4b9b233d262207e293633f4eb66463fbe337891f3f75a15110ba49cdc9408968ebe3e3003799e35f11d24b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe

Filesize
184KB

MD5
0268a7157c548fcef7a142533c03c2c7

SHA1
24d6119f208c2f60ca8400d379bb1314ed3d5d0e

SHA256
2fe4b6365a9e837a65e104ea91aa7612181eb887cfed5662c97d1ec08f67fa5d

SHA512
426cf2c016336d85fcbf70eb6212cedc51ff091b8b86d16b4728bfb48338a84efe006e4fd9b2cb4c1d3ee61adfa563f7e67ae55df044646296154f47622807ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe

Filesize
184KB

MD5
1f24698479bdf56c4514239433110b55

SHA1
b8e79bec90da1496a290098d5cec5e5e53f45239

SHA256
f0bbbcadf7599bfadf4bab06d08960174cc988b8e1897bb00e081a9c96cd4724

SHA512
61ba997e13a4c33b66e5e4161af45106bd1ad0966d33af77ce221ffe2caea91b2823403fc366c72eaf44d9affdb8c59a17ec206ceafc4ea7de6206dfdc45fce7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe

Filesize
184KB

MD5
ad12fd75b9167ba5f63e18e68265bea2

SHA1
1472c520b79f42215e2d768766c8b0ff4bd42e48

SHA256
7f3101642acfb793c802ba91f83937b45e9cb576a1a5b5c2ab16c8258a31bd92

SHA512
32530aaca49246ab0851195b0d56434b3376312fc7201351650d8ed6f0130af511f395a258ddcdcbf02954fa6d8c0aa29c13b6cfa8e38233352cf7e5fbcc2a39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9286.exe

Filesize
184KB

MD5
8fcb60f3adbf9d270fb51f881b089441

SHA1
2c4570b9f45aa3d731992d2971b591ec7fccd378

SHA256
b8918c83a85b4b1fe4932b44b233b613558780407457d3c2c1935fd6768dba48

SHA512
f4b0b82fb7ef186076899add64a2caea86d61951e863979f2624b6bbbd7d62c1675e1a4b105d3130d22d0172e2065a6db7779a4179547d21b582b6f9208ed793

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe

Filesize
184KB

MD5
ad80bbc2e6cd714d09b90ec887682b4c

SHA1
43da8ba5f4b713d1a660a6eba19c4b842ff088f4

SHA256
ec50f3bc4178349a87416c31d97565a2d6c7f6049ba6006f8ddaa6e95198f58a

SHA512
6de8fe8ac2f3367cc1ee519e7d10c4940cdf8b8c3269ba551594493950a4edd340162b745f4a0109f9fd2f782ace82e479e99a3e20f32f1764a960d5021c349f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe

Filesize
184KB

MD5
ccaa2f03aaefd745c2c6d01ff3394d77

SHA1
cff36aadd604cd158a06c2d2d68e66ff67a68a6a

SHA256
1bcf9173afd70b8c8dbfbb3e2f95edff5522dcc3211979a86e74ae96ca8210de

SHA512
936f0eea0aa798794d8bc3b6f174ded8e42dc160488bbcbe79247034e4efabba86bdc10a51e92fa1a8dc0b134d3b9cdc295354736788fc1d8b9689e3ff64f0fa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads