a5733c4538e370cfb468ed1ae4b7d85a491a15f1eb42e25df881216c976459d1

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23af070fbc7bf2f5c822ea6f8f305470_NeikiAnalytics.exe
Size

184KB
MD5

23af070fbc7bf2f5c822ea6f8f305470
SHA1

81a4c46380dc7ef4309167829ca75b8ee3e18a72
SHA256

a5733c4538e370cfb468ed1ae4b7d85a491a15f1eb42e25df881216c976459d1
SHA512

55496d45514d603a76e1cf1c15a2687338c5a418f038fc13a3b322cb872bb3685d0ea3c24bf0a178293cb03c05ec696360400dc8da3a9d65d5e1a2e7f1d55c26
SSDEEP

3072:inJkmDoR2WQUdj0NXErhpWftLvMqnviur:invomQj0UhcftLEqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2936	Unicorn-2842.exe
3732	Unicorn-18611.exe
2428	Unicorn-15081.exe
3140	Unicorn-35819.exe
1916	Unicorn-54075.exe
1772	Unicorn-34209.exe
2168	Unicorn-64281.exe
2496	Unicorn-14106.exe
1508	Unicorn-25761.exe
4600	Unicorn-20931.exe
224	Unicorn-25953.exe
4488	Unicorn-45819.exe
3196	Unicorn-14992.exe
836	Unicorn-4521.exe
2736	Unicorn-5466.exe
2220	Unicorn-34993.exe
3448	Unicorn-64947.exe
4776	Unicorn-26336.exe
452	Unicorn-7962.exe
428	Unicorn-19617.exe
3372	Unicorn-6618.exe
644	Unicorn-39675.exe
2044	Unicorn-39675.exe
828	Unicorn-39410.exe
4080	Unicorn-31507.exe
1220	Unicorn-63417.exe
440	Unicorn-52482.exe
3080	Unicorn-680.exe
4572	Unicorn-48907.exe
1552	Unicorn-37209.exe
1844	Unicorn-32763.exe
1748	Unicorn-51137.exe
2040	Unicorn-57651.exe
4444	Unicorn-45954.exe
1688	Unicorn-7106.exe
2484	Unicorn-7033.exe
4884	Unicorn-26515.exe
4308	Unicorn-48559.exe
1828	Unicorn-49675.exe
3488	Unicorn-2512.exe
3300	Unicorn-8834.exe
2644	Unicorn-8257.exe
1040	Unicorn-17387.exe
2996	Unicorn-17387.exe
2608	Unicorn-27475.exe
3636	Unicorn-51979.exe
2448	Unicorn-2778.exe
2164	Unicorn-56618.exe
700	Unicorn-21536.exe
2000	Unicorn-35570.exe
4432	Unicorn-59577.exe
1852	Unicorn-27667.exe
2964	Unicorn-40473.exe
2172	Unicorn-15969.exe
4260	Unicorn-3738.exe
4248	Unicorn-36795.exe
2584	Unicorn-16929.exe
4656	Unicorn-30856.exe
5068	Unicorn-53323.exe
464	Unicorn-61491.exe
4712	Unicorn-63930.exe
4664	Unicorn-17993.exe
4492	Unicorn-51123.exe
4412	Unicorn-55762.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
1060	4432	WerFault.exe	148
5192	1688	WerFault.exe	130
6532	5460	WerFault.exe	182
7716	6148	WerFault.exe	239
8816	4624	WerFault.exe	237
6388	2888	WerFault.exe	881
6384	3208	WerFault.exe	867
9904	17696	Process not Found	1286
7716	17688	Process not Found	1285

Checks SCSI registry key(s) 3 TTPs 10 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1156	dwm.exe
Token: SeChangeNotifyPrivilege	1156	dwm.exe
Token: 33	1156	dwm.exe
Token: SeIncBasePriorityPrivilege	1156	dwm.exe
Token: SeCreateGlobalPrivilege	12740	Process not Found
Token: SeChangeNotifyPrivilege	12740	Process not Found
Token: 33	12740	Process not Found
Token: SeIncBasePriorityPrivilege	12740	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2920	23af070fbc7bf2f5c822ea6f8f305470_NeikiAnalytics.exe
2936	Unicorn-2842.exe
3732	Unicorn-18611.exe
2428	Unicorn-15081.exe
3140	Unicorn-35819.exe
1916	Unicorn-54075.exe
1772	Unicorn-34209.exe
2168	Unicorn-64281.exe
2496	Unicorn-14106.exe
1508	Unicorn-25761.exe
4600	Unicorn-20931.exe
3196	Unicorn-14992.exe
4488	Unicorn-45819.exe
224	Unicorn-25953.exe
836	Unicorn-4521.exe
2736	Unicorn-5466.exe
2220	Unicorn-34993.exe
3448	Unicorn-64947.exe
4776	Unicorn-26336.exe
452	Unicorn-7962.exe
428	Unicorn-19617.exe
1220	Unicorn-63417.exe
828	Unicorn-39410.exe
440	Unicorn-52482.exe
4080	Unicorn-31507.exe
644	Unicorn-39675.exe
3080	Unicorn-680.exe
3372	Unicorn-6618.exe
2044	Unicorn-39675.exe
4572	Unicorn-48907.exe
1552	Unicorn-37209.exe
1844	Unicorn-32763.exe
1748	Unicorn-51137.exe
2040	Unicorn-57651.exe
4444	Unicorn-45954.exe
1688	Unicorn-7106.exe
2484	Unicorn-7033.exe
4884	Unicorn-26515.exe
4308	Unicorn-48559.exe
1828	Unicorn-49675.exe
3488	Unicorn-2512.exe
3300	Unicorn-8834.exe
2644	Unicorn-8257.exe
1040	Unicorn-17387.exe
3636	Unicorn-51979.exe
2608	Unicorn-27475.exe
2996	Unicorn-17387.exe
2448	Unicorn-2778.exe
2164	Unicorn-56618.exe
2000	Unicorn-35570.exe
700	Unicorn-21536.exe
4432	Unicorn-59577.exe
2964	Unicorn-40473.exe
1852	Unicorn-27667.exe
2172	Unicorn-15969.exe
4260	Unicorn-3738.exe
4248	Unicorn-36795.exe
2584	Unicorn-16929.exe
4656	Unicorn-30856.exe
5068	Unicorn-53323.exe
4712	Unicorn-63930.exe
4664	Unicorn-17993.exe
464	Unicorn-61491.exe
4492	Unicorn-51123.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 2936	2920	23af070fbc7bf2f5c822ea6f8f305470_NeikiAnalytics.exe	91
PID 2920 wrote to memory of 2936	2920	23af070fbc7bf2f5c822ea6f8f305470_NeikiAnalytics.exe	91
PID 2920 wrote to memory of 2936	2920	23af070fbc7bf2f5c822ea6f8f305470_NeikiAnalytics.exe	91
PID 2936 wrote to memory of 3732	2936	Unicorn-2842.exe	94
PID 2936 wrote to memory of 3732	2936	Unicorn-2842.exe	94
PID 2936 wrote to memory of 3732	2936	Unicorn-2842.exe	94
PID 2920 wrote to memory of 2428	2920	23af070fbc7bf2f5c822ea6f8f305470_NeikiAnalytics.exe	95
PID 2920 wrote to memory of 2428	2920	23af070fbc7bf2f5c822ea6f8f305470_NeikiAnalytics.exe	95
PID 2920 wrote to memory of 2428	2920	23af070fbc7bf2f5c822ea6f8f305470_NeikiAnalytics.exe	95
PID 3732 wrote to memory of 3140	3732	Unicorn-18611.exe	99
PID 3732 wrote to memory of 3140	3732	Unicorn-18611.exe	99
PID 3732 wrote to memory of 3140	3732	Unicorn-18611.exe	99
PID 2428 wrote to memory of 1916	2428	Unicorn-15081.exe	101
PID 2428 wrote to memory of 1916	2428	Unicorn-15081.exe	101
PID 2428 wrote to memory of 1916	2428	Unicorn-15081.exe	101
PID 2936 wrote to memory of 1772	2936	Unicorn-2842.exe	100
PID 2936 wrote to memory of 1772	2936	Unicorn-2842.exe	100
PID 2936 wrote to memory of 1772	2936	Unicorn-2842.exe	100
PID 2920 wrote to memory of 2168	2920	23af070fbc7bf2f5c822ea6f8f305470_NeikiAnalytics.exe	102
PID 2920 wrote to memory of 2168	2920	23af070fbc7bf2f5c822ea6f8f305470_NeikiAnalytics.exe	102
PID 2920 wrote to memory of 2168	2920	23af070fbc7bf2f5c822ea6f8f305470_NeikiAnalytics.exe	102
PID 3140 wrote to memory of 2496	3140	Unicorn-35819.exe	103
PID 3140 wrote to memory of 2496	3140	Unicorn-35819.exe	103
PID 3140 wrote to memory of 2496	3140	Unicorn-35819.exe	103
PID 3732 wrote to memory of 1508	3732	Unicorn-18611.exe	104
PID 3732 wrote to memory of 1508	3732	Unicorn-18611.exe	104
PID 3732 wrote to memory of 1508	3732	Unicorn-18611.exe	104
PID 1916 wrote to memory of 4600	1916	Unicorn-54075.exe	105
PID 1916 wrote to memory of 4600	1916	Unicorn-54075.exe	105
PID 1916 wrote to memory of 4600	1916	Unicorn-54075.exe	105
PID 2428 wrote to memory of 224	2428	Unicorn-15081.exe	106
PID 2428 wrote to memory of 224	2428	Unicorn-15081.exe	106
PID 2428 wrote to memory of 224	2428	Unicorn-15081.exe	106
PID 2920 wrote to memory of 836	2920	23af070fbc7bf2f5c822ea6f8f305470_NeikiAnalytics.exe	108
PID 2920 wrote to memory of 836	2920	23af070fbc7bf2f5c822ea6f8f305470_NeikiAnalytics.exe	108
PID 2920 wrote to memory of 836	2920	23af070fbc7bf2f5c822ea6f8f305470_NeikiAnalytics.exe	108
PID 2936 wrote to memory of 3196	2936	Unicorn-2842.exe	109
PID 2936 wrote to memory of 3196	2936	Unicorn-2842.exe	109
PID 2936 wrote to memory of 3196	2936	Unicorn-2842.exe	109
PID 2168 wrote to memory of 4488	2168	Unicorn-64281.exe	107
PID 2168 wrote to memory of 4488	2168	Unicorn-64281.exe	107
PID 2168 wrote to memory of 4488	2168	Unicorn-64281.exe	107
PID 2496 wrote to memory of 2736	2496	Unicorn-14106.exe	110
PID 2496 wrote to memory of 2736	2496	Unicorn-14106.exe	110
PID 2496 wrote to memory of 2736	2496	Unicorn-14106.exe	110
PID 3140 wrote to memory of 2220	3140	Unicorn-35819.exe	111
PID 3140 wrote to memory of 2220	3140	Unicorn-35819.exe	111
PID 3140 wrote to memory of 2220	3140	Unicorn-35819.exe	111
PID 1508 wrote to memory of 3448	1508	Unicorn-25761.exe	112
PID 1508 wrote to memory of 3448	1508	Unicorn-25761.exe	112
PID 1508 wrote to memory of 3448	1508	Unicorn-25761.exe	112
PID 3732 wrote to memory of 4776	3732	Unicorn-18611.exe	113
PID 3732 wrote to memory of 4776	3732	Unicorn-18611.exe	113
PID 3732 wrote to memory of 4776	3732	Unicorn-18611.exe	113
PID 4600 wrote to memory of 452	4600	Unicorn-20931.exe	114
PID 4600 wrote to memory of 452	4600	Unicorn-20931.exe	114
PID 4600 wrote to memory of 452	4600	Unicorn-20931.exe	114
PID 1916 wrote to memory of 428	1916	Unicorn-54075.exe	115
PID 1916 wrote to memory of 428	1916	Unicorn-54075.exe	115
PID 1916 wrote to memory of 428	1916	Unicorn-54075.exe	115
PID 3196 wrote to memory of 3372	3196	Unicorn-14992.exe	116
PID 3196 wrote to memory of 3372	3196	Unicorn-14992.exe	116
PID 3196 wrote to memory of 3372	3196	Unicorn-14992.exe	116
PID 4488 wrote to memory of 2044	4488	Unicorn-45819.exe	119

C:\Users\Admin\AppData\Local\Temp\23af070fbc7bf2f5c822ea6f8f305470_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\23af070fbc7bf2f5c822ea6f8f305470_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18611.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35819.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5466.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3738.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14890.exe
        9⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        10⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
        11⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
        11⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
        11⤵
        
        PID:16732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        11⤵
        
        PID:19136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26928.exe
        11⤵
        
        PID:18132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15537.exe
        10⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        10⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25929.exe
        10⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34918.exe
        10⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12814.exe
        10⤵
        
        PID:18820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        9⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        10⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        10⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
        10⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        9⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
        9⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
        9⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
        9⤵
        
        PID:16724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42214.exe
        9⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        9⤵
        
        PID:18468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59794.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        9⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        9⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        9⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe
        9⤵
        
        PID:17364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41817.exe
        9⤵
        
        PID:18908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        8⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9393.exe
        8⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
        8⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65338.exe
        8⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
        8⤵
        
        PID:19352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5661.exe
        8⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16929.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22291.exe
        8⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48539.exe
        9⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33483.exe
        10⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
        10⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
        10⤵
        
        PID:16740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35864.exe
        10⤵
        
        PID:18956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52330.exe
        9⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        9⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
        9⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51609.exe
        9⤵
        
        PID:18216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37993.exe
        8⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
        9⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        9⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        9⤵
        
        PID:18340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        8⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
        8⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
        8⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
        8⤵
        
        PID:19016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2246.exe
        8⤵
        
        PID:19352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61055.exe
        8⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16352.exe
        7⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35387.exe
        8⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38417.exe
        8⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28720.exe
        8⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
        7⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13522.exe
        8⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32889.exe
        8⤵
        
        PID:17936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        8⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
        7⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
        7⤵
        
        PID:13804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        7⤵
        
        PID:17384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13224.exe
        7⤵
        
        PID:19292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
        7⤵
        
        PID:18948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37209.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36795.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13738.exe
        8⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
        9⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
        10⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        10⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        10⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        10⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6113.exe
        9⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe
        9⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        9⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        9⤵
        
        PID:18896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        9⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        9⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
        8⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        8⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        8⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe
        8⤵
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        8⤵
        
        PID:18756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
        8⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
        7⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
        8⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        8⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42298.exe
        8⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20110.exe
        8⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        7⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
        7⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
        7⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51306.exe
        7⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        8⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        8⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        8⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62295.exe
        8⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        7⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20056.exe
        7⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
        7⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
        7⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8401.exe
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        7⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
        7⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7784.exe
        7⤵
        
        PID:17172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
        6⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
        7⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        7⤵
        
        PID:15324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        7⤵
        
        PID:18328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27233.exe
        6⤵
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
        6⤵
        
        PID:14228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
        6⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5958.exe
        6⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32763.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        9⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2151.exe
        10⤵
        
        PID:18900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
        9⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
        9⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        9⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        9⤵
        
        PID:18880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23110.exe
        9⤵
        
        PID:18636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe
        8⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60794.exe
        8⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        8⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
        8⤵
        
        PID:16960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
        7⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
        8⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38417.exe
        8⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28720.exe
        8⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9817.exe
        8⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
        7⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9417.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10450.exe
        7⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        8⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        8⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        8⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
        8⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 452
        9⤵
        Program crash
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15225.exe
        7⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60794.exe
        7⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        7⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
        7⤵
        
        PID:16984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39957.exe
        7⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18667.exe
        7⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
        7⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21896.exe
        7⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24810.exe
        7⤵
        
        PID:16688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe
        7⤵
        
        PID:18696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39154.exe
        6⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2840.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
        6⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41371.exe
        6⤵
        
        PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61491.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61699.exe
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23659.exe
        8⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56466.exe
        8⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41593.exe
        8⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
        8⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe
        7⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        7⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe
        7⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        7⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        7⤵
        
        PID:19416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        7⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25049.exe
        7⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        7⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24234.exe
        7⤵
        
        PID:16972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41817.exe
        7⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
        6⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
        6⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        6⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
        6⤵
        
        PID:18116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17993.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        7⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        7⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        7⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        7⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
        7⤵
        
        PID:18964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        6⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
        6⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
        6⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        6⤵
        
        PID:17224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51617.exe
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        6⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60434.exe
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
        6⤵
        
        PID:16760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59122.exe
        5⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
        6⤵
        
        PID:12488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
        6⤵
        
        PID:15804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        6⤵
        
        PID:17832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        6⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4920.exe
        5⤵
        
        PID:13792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
        5⤵
        
        PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        8⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        9⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        9⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        9⤵
        
        PID:18000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        8⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20056.exe
        8⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
        8⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
        8⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30099.exe
        8⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        8⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        8⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        8⤵
        
        PID:18020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7736.exe
        7⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
        7⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        7⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        7⤵
        
        PID:17616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        6⤵
        Executes dropped EXE
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14418.exe
        7⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35859.exe
        8⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
        8⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe
        8⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        8⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        7⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        7⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        7⤵
        
        PID:16488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57017.exe
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64899.exe
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        7⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7112.exe
        7⤵
        
        PID:16336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
        6⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        6⤵
        
        PID:11904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
        6⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35611.exe
        6⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45954.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
        6⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
        7⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58059.exe
        8⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        8⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9112.exe
        8⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
        8⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30513.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        7⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        7⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        7⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21745.exe
        6⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
        7⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        7⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe
        7⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        6⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
        6⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        6⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33345.exe
        6⤵
        
        PID:17808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37017.exe
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19707.exe
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
        7⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21896.exe
        7⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42490.exe
        7⤵
        
        PID:16564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
        7⤵
        
        PID:19248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        6⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20056.exe
        6⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
        6⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        6⤵
        
        PID:16668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
        5⤵
        
        PID:4624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 632
        6⤵
        Program crash
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe
        5⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        5⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
        5⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49121.exe
        5⤵
        
        PID:7544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26336.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 632
        6⤵
        Program crash
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
        5⤵
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14418.exe
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16171.exe
        7⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        7⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe
        7⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        7⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26198.exe
        7⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35718.exe
        6⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        6⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        6⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58922.exe
        6⤵
        
        PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe
        5⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
        6⤵
        
        PID:12168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        6⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
        6⤵
        
        PID:18612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        6⤵
        
        PID:18724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        6⤵
        
        PID:19044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
        6⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55210.exe
        5⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20349.exe
        5⤵
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
        5⤵
        
        PID:14892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35611.exe
        5⤵
        
        PID:18224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
        5⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14418.exe
        6⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18667.exe
        7⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
        7⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21896.exe
        7⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25962.exe
        7⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        7⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44442.exe
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
        6⤵
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38526.exe
        6⤵
        
        PID:14824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        6⤵
        
        PID:17972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
        6⤵
        
        PID:18384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
        6⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        6⤵
        
        PID:15344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
        6⤵
        
        PID:17576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        6⤵
        
        PID:16492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16392.exe
        5⤵
        
        PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
        5⤵
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        5⤵
        
        PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
      4⤵
      PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14418.exe
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35859.exe
        6⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        6⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18624.exe
        6⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        6⤵
        
        PID:16504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
        6⤵
        
        PID:18604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30513.exe
        5⤵
        
        PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        5⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        5⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17296.exe
        5⤵
        
        PID:16136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
      4⤵
      PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47075.exe
      4⤵
      PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55648.exe
      4⤵
      PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
      4⤵
      PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
      4⤵
      PID:18352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
      4⤵
      PID:8040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
        8⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        8⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42998.exe
        8⤵
        
        PID:18836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
        7⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        7⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        7⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        7⤵
        
        PID:18980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        7⤵
        
        PID:18800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        6⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57930.exe
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        6⤵
        
        PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
        5⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18667.exe
        6⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        7⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
        6⤵
        
        PID:10948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21896.exe
        6⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        6⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
        5⤵
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
        5⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        5⤵
        
        PID:13808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
        5⤵
        
        PID:17304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56618.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
        7⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49265.exe
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32435.exe
        6⤵
        
        PID:17020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        5⤵
        
        PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        5⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38793.exe
        5⤵
        
        PID:13348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
        5⤵
        
        PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14816.exe
      4⤵
      PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        5⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13062.exe
        6⤵
        
        PID:13128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
        6⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        6⤵
        
        PID:17876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15537.exe
        5⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7848.exe
        5⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
        5⤵
        
        PID:16464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32347.exe
        5⤵
        
        PID:18544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        5⤵
        
        PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
      4⤵
      PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
        5⤵
        
        PID:12580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
        5⤵
        
        PID:15820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        5⤵
        
        PID:18388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13592.exe
      4⤵
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
      4⤵
      PID:12760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
      4⤵
      PID:15780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17536.exe
      4⤵
      PID:18412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8302.exe
      4⤵
      PID:7292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31219.exe
        7⤵
        
        PID:16568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        7⤵
        
        PID:19036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6113.exe
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        6⤵
        
        PID:712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        6⤵
        
        PID:18968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        6⤵
        
        PID:19428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57046.exe
        6⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
        5⤵
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51473.exe
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe
        5⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55921.exe
        5⤵
        
        PID:16492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        5⤵
        
        PID:18540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        5⤵
        
        PID:19116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34822.exe
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43360.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
        6⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
        6⤵
        
        PID:15840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        6⤵
        
        PID:17900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
        6⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
        5⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        5⤵
        
        PID:13136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        5⤵
        
        PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        5⤵
        
        PID:18924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61049.exe
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        5⤵
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        5⤵
        
        PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        5⤵
        
        PID:18856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57234.exe
      4⤵
      PID:10220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4392.exe
      4⤵
      PID:12884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15737.exe
      4⤵
      PID:15936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
      4⤵
      PID:19044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17510.exe
      4⤵
      PID:16648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4432
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 464
      4⤵
      Program crash
      PID:1060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36129.exe
    3⤵
    PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
      4⤵
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        5⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
        5⤵
        
        PID:18844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
      4⤵
      PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
      4⤵
      PID:13964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe
      4⤵
      PID:16716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
      4⤵
      PID:7932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27843.exe
    3⤵
    PID:7736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10952.exe
    3⤵
    PID:9532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47433.exe
    3⤵
    PID:13616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
    3⤵
    PID:16444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30954.exe
    3⤵
    PID:6428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20931.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25851.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60578.exe
        8⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5890.exe
        9⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19673.exe
        9⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13064.exe
        9⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58546.exe
        9⤵
        
        PID:17792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        8⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        8⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        8⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        8⤵
        
        PID:18780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33086.exe
        8⤵
        
        PID:18860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
        8⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
        8⤵
        
        PID:18808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe
        7⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe
        8⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44010.exe
        8⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        8⤵
        
        PID:18268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
        8⤵
        
        PID:18576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39554.exe
        7⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23888.exe
        7⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22362.exe
        7⤵
        
        PID:18664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
        6⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14418.exe
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15979.exe
        8⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10566.exe
        8⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe
        8⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        8⤵
        
        PID:17548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
        7⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        7⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        7⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        7⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
        7⤵
        
        PID:18908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
        7⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
        7⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        7⤵
        
        PID:17960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59266.exe
        6⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33499.exe
        6⤵
        
        PID:17588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe
        6⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        8⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        8⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
        8⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe
        8⤵
        
        PID:16948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56450.exe
        7⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
        7⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
        7⤵
        
        PID:14252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
        7⤵
        
        PID:16996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39419.exe
        7⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
        7⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
        7⤵
        
        PID:14460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        7⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        6⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
        6⤵
        
        PID:11184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        6⤵
        
        PID:17600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44609.exe
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5098.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63114.exe
        7⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        7⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42490.exe
        7⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
        6⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
        6⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38526.exe
        6⤵
        
        PID:14816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25177.exe
        6⤵
        
        PID:17836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
        5⤵
        
        PID:6148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 636
        6⤵
        Program crash
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
        5⤵
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        5⤵
        
        PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45091.exe
        5⤵
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        5⤵
        
        PID:16640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe
        8⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
        8⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        8⤵
        
        PID:17804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37247.exe
        8⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1893.exe
        8⤵
        
        PID:19348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        7⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        7⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
        7⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        7⤵
        
        PID:18872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
        7⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
        7⤵
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        7⤵
        
        PID:17708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4093.exe
        7⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16392.exe
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exe
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
        6⤵
        
        PID:15888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        6⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
        6⤵
        
        PID:17380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7329.exe
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22587.exe
        6⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20779.exe
        7⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        7⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        7⤵
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        7⤵
        
        PID:16608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57426.exe
        6⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
        7⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        7⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        7⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        6⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        6⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48849.exe
        5⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
        6⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55057.exe
        6⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        6⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52022.exe
        6⤵
        
        PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61842.exe
        5⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59266.exe
        5⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33499.exe
        5⤵
        
        PID:17608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2512.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3586.exe
        7⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
        7⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55057.exe
        7⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        7⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        6⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        6⤵
        
        PID:15140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        6⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50154.exe
        6⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
        6⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64529.exe
        5⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27754.exe
        5⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        5⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
        5⤵
        
        PID:19188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        5⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe
        6⤵
        
        PID:19152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2064.exe
        5⤵
        
        PID:9300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30551.exe
        5⤵
        
        PID:12752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        5⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        5⤵
        
        PID:18236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        5⤵
        
        PID:19360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
        5⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-217.exe
        5⤵
        
        PID:18012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe
        5⤵
        
        PID:9056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16086.exe
      4⤵
      PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
      4⤵
      PID:11972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9632.exe
      4⤵
      PID:15400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
      4⤵
      PID:18316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32705.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63498.exe
        7⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        7⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2609.exe
        7⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        6⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
        6⤵
        
        PID:14496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        6⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50474.exe
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
        7⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19673.exe
        7⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13064.exe
        7⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58546.exe
        7⤵
        
        PID:17784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35718.exe
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
        6⤵
        
        PID:12176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        6⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        6⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17905.exe
        5⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
        5⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32803.exe
        5⤵
        
        PID:15884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        5⤵
        
        PID:19032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
        5⤵
        
        PID:19436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1759.exe
        6⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63674.exe
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
        6⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
        6⤵
        
        PID:16368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        6⤵
        
        PID:18172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        6⤵
        
        PID:18784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe
        5⤵
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        5⤵
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
        5⤵
        
        PID:16768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18645.exe
        5⤵
        
        PID:7296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
      4⤵
      PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38107.exe
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        6⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        6⤵
        
        PID:18300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
        6⤵
        
        PID:19272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        5⤵
        
        PID:13176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        5⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        5⤵
        
        PID:18888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54280.exe
        5⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18645.exe
        5⤵
        
        PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
      4⤵
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29216.exe
        5⤵
        
        PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41662.exe
      4⤵
      PID:8604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12745.exe
      4⤵
      PID:12588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-322.exe
      4⤵
      PID:16216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
      4⤵
      PID:18844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7313.exe
      4⤵
      PID:18832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46027.exe
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        7⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        7⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
        7⤵
        
        PID:17856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe
        7⤵
        
        PID:18680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44442.exe
        6⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54457.exe
        6⤵
        
        PID:11476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        6⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        6⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 436
        7⤵
        Program crash
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
        6⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        6⤵
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42139.exe
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
        6⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2800.exe
        6⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
        5⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        5⤵
        
        PID:12000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        5⤵
        
        PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
        5⤵
        
        PID:19408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34822.exe
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5242.exe
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        6⤵
        
        PID:15920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        6⤵
        
        PID:18296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
        6⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        5⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
        5⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12401.exe
        5⤵
        
        PID:15828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30560.exe
        5⤵
        
        PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61049.exe
      4⤵
      PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
      4⤵
      PID:8436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37256.exe
      4⤵
      PID:12148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
      4⤵
      PID:18988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
      4⤵
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        5⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25049.exe
        5⤵
        
        PID:10808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        5⤵
        
        PID:13492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe
        5⤵
        
        PID:17372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16289.exe
      4⤵
      PID:7492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
      4⤵
      PID:11188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60434.exe
      4⤵
      PID:13732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
      4⤵
      PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55629.exe
      4⤵
      PID:19408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
    3⤵
    PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        5⤵
        
        PID:6456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
      4⤵
      PID:10080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
      4⤵
      PID:12820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40938.exe
      4⤵
      PID:15848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
      4⤵
      PID:19088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
      4⤵
      PID:8052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
    3⤵
    PID:7344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
      4⤵
      PID:12656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
      4⤵
      PID:15736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
      4⤵
      PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
      4⤵
      PID:5864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
    3⤵
    PID:7876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe
    3⤵
    PID:12056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
    3⤵
    PID:16232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50822.exe
    3⤵
    PID:18864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61403.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
        7⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30323.exe
        8⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
        8⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        8⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
        8⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6113.exe
        7⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe
        7⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        7⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        7⤵
        
        PID:19052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
        6⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        6⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54456.exe
        6⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
        6⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61811.exe
        6⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
        6⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        6⤵
        
        PID:14864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26922.exe
        6⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
        6⤵
        
        PID:18644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2840.exe
        5⤵
        
        PID:11504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39056.exe
        5⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        5⤵
        
        PID:17820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44134.exe
        5⤵
        
        PID:7932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14418.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        6⤵
        
        PID:15352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        6⤵
        
        PID:18240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        5⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        5⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        5⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58922.exe
        5⤵
        
        PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
      4⤵
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
        5⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        5⤵
        
        PID:6988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
      4⤵
      PID:8392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
      4⤵
      PID:12112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6658.exe
      4⤵
      PID:14792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
      4⤵
      PID:18252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17510.exe
      4⤵
      PID:7388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21907.exe
        5⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56899.exe
        6⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42907.exe
        7⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
        7⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
        7⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        6⤵
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
        6⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12401.exe
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe
        6⤵
        
        PID:18364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21465.exe
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6274.exe
        6⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8153.exe
        6⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
        6⤵
        
        PID:15092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60274.exe
        6⤵
        
        PID:18128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
        5⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
        5⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        5⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        5⤵
        
        PID:18312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
        5⤵
        
        PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        5⤵
        
        PID:18972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
        6⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        6⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        6⤵
        
        PID:18368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6113.exe
        5⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40938.exe
        5⤵
        
        PID:15956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7504.exe
        5⤵
        
        PID:18584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
      4⤵
      PID:7884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36290.exe
      4⤵
      PID:10668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
      4⤵
      PID:14260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7201.exe
      4⤵
      PID:17032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16171.exe
        6⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe
        6⤵
        
        PID:12792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe
        6⤵
        
        PID:15712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        6⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
        6⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        5⤵
        
        PID:11960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
        5⤵
        
        PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51609.exe
        5⤵
        
        PID:18140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
      4⤵
      PID:7072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
      4⤵
      PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27946.exe
      4⤵
      PID:12196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
      4⤵
      PID:15056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
      4⤵
      PID:18376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20489.exe
    3⤵
    PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2218.exe
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
        5⤵
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
        5⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        5⤵
        
        PID:18288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43303.exe
        5⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
        5⤵
        
        PID:7728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6113.exe
      4⤵
      PID:10132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
      4⤵
      PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
      4⤵
      PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
      4⤵
      PID:18932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
    3⤵
    PID:7804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27233.exe
    3⤵
    PID:10676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57971.exe
    3⤵
    PID:14208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
    3⤵
    PID:17044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29886.exe
    3⤵
    PID:18612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4521.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4521.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58369.exe
        5⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30323.exe
        6⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
        6⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        6⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe
        6⤵
        
        PID:18944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        5⤵
        
        PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        5⤵
        
        PID:16328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48267.exe
        5⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        5⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        5⤵
        
        PID:18104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55210.exe
      4⤵
      PID:8572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
      4⤵
      PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
      4⤵
      PID:15316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35611.exe
      4⤵
      PID:18260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
      4⤵
      PID:18692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40473.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
      4⤵
      PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
        5⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56067.exe
        6⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        6⤵
        
        PID:15276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
        6⤵
        
        PID:17568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        5⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40938.exe
        5⤵
        
        PID:15952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        5⤵
        
        PID:18916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15993.exe
      4⤵
      PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28784.exe
      4⤵
      PID:9548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47650.exe
      4⤵
      PID:13404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
      4⤵
      PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
    3⤵
    PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
      4⤵
      PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        5⤵
        
        PID:16292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22416.exe
        5⤵
        
        PID:18636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
        5⤵
        
        PID:18828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
      4⤵
      PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
      4⤵
      PID:12484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
      4⤵
      PID:15660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
    3⤵
    PID:7032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
      4⤵
      PID:10484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
      4⤵
      PID:13996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
      4⤵
      PID:16704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
      4⤵
      PID:17196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
    3⤵
    PID:8704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2745.exe
    3⤵
    PID:12224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6658.exe
    3⤵
    PID:14844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
    3⤵
    PID:18276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17510.exe
    3⤵
    PID:6696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63417.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63417.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13762.exe
        6⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
        6⤵
        
        PID:11768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26922.exe
        6⤵
        
        PID:16808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        6⤵
        
        PID:18540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        5⤵
        
        PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
        5⤵
        
        PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18929.exe
        5⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49881.exe
        5⤵
        
        PID:17712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
        5⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
        5⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44617.exe
        5⤵
        
        PID:18852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
      4⤵
      PID:7956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27754.exe
      4⤵
      PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
      4⤵
      PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35073.exe
      4⤵
      PID:18392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
      4⤵
      PID:19112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
    3⤵
    PID:5460
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 640
      4⤵
      Program crash
      PID:6532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
    3⤵
    PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49227.exe
      4⤵
      PID:9268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe
      4⤵
      PID:12768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe
      4⤵
      PID:15788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
      4⤵
      PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58487.exe
      4⤵
      PID:18840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55210.exe
    3⤵
    PID:8520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
    3⤵
    PID:11424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
    3⤵
    PID:4380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35611.exe
    3⤵
    PID:18188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8257.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8257.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60251.exe
    3⤵
    PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        5⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
        5⤵
        
        PID:11164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        5⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42106.exe
        5⤵
        
        PID:17352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        5⤵
        
        PID:16992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44442.exe
      4⤵
      PID:8460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53026.exe
      4⤵
      PID:11588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
      4⤵
      PID:18092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
    3⤵
    PID:6812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
      4⤵
      PID:15456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
      4⤵
      PID:6896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
      4⤵
      PID:19148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49345.exe
    3⤵
    PID:8500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
    3⤵
    PID:11408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
    3⤵
    PID:15380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6278.exe
    3⤵
    PID:17136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
  2⤵
  PID:5476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
    3⤵
    PID:7304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
      4⤵
      PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
      4⤵
      PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
      4⤵
      PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
      4⤵
      PID:19092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36957.exe
      4⤵
      PID:8016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
    3⤵
    PID:8828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
    3⤵
    PID:11540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
    3⤵
    PID:4596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
  2⤵
  PID:6744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
    3⤵
    PID:9380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26797.exe
    3⤵
    PID:13164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
    3⤵
    PID:15900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe
    3⤵
    PID:18112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
    3⤵
    PID:19028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20209.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20209.exe
  2⤵
  PID:8312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54513.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54513.exe
  2⤵
  PID:10256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
  2⤵
  PID:14692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32545.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32545.exe
  2⤵
  PID:18200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4432 -ip 4432
1⤵
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1688 -ip 1688
1⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5460 -ip 5460
1⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6148 -ip 6148
1⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4624 -ip 4624
1⤵
PID:8704

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe

Filesize
184KB

MD5
20aab0aec00401b7f95b3df67790e0ce

SHA1
08b260c36a793f0de74f173f9336b93e6d84f677

SHA256
8668cf3c2a6e196c073c6eeb05a79ae32c9c68e9e814f88f2bd265e8cd479962

SHA512
05d6a5489b3adf1e4104b52734ac0e5d1e1bfb9ce586332186e3944ad55326d4c6d494cdde2b2d313e69218276b8b1ac8b26efbc2736bccb892166c524cfb636

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe

Filesize
184KB

MD5
3e6928fa9104fae8b4354856e2b2f212

SHA1
f180a4546d71d5fb8a0b9f4550411b75c9492c81

SHA256
936d5145a0476dd5f05fa5d9c2c8c5b63fe04337351c97620f4eaff25a560f35

SHA512
ee6ca73edc34009d1ff9813a4397e007e303292220553d95d5c305665c5d9f39b308a9971fd29a6813c1703beafadfa95f4984f5b585d88f4b5ab94503fef820

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe

Filesize
184KB

MD5
5dfc73023dfb35db936bb9609d962f1f

SHA1
7ad45472de3dc863acb847c50ff1e44277e2612f

SHA256
32d941d16847ad190240bde092bc27b930e5daf9fa5c4e2a77250afa14625e06

SHA512
7a6efb769aa6a4ab695104ea99d39acda55a3dee4ffd7ef4d31a0ae2f872c8f0aad39d556e784f72133ee6ba041cb3e6b9d723eec4123ee92d413721712a5e3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe

Filesize
184KB

MD5
949f8f2c98a1e5bba56328db886918b8

SHA1
c64fe6f8f41aa83a5506160ca26764fe3b9a5b1d

SHA256
1af609e8fbe02b81fa9bbe5baa0013d63853a0c26638e9e5eaf91385df925ebe

SHA512
96a4f89cb15780a8d9b6658d02b166a3a17d514c6d34115cd0713a73660f81c69facafc37bce9f704ce8f41fb72156ec53da74bb52a17ef01c5c502f76122bf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18611.exe

Filesize
184KB

MD5
542b1329e2161efb9113b2b1385950af

SHA1
dd863ea36cdb078e24c6a1862c0b7b22114cd822

SHA256
54f5822b6bc09b50c3a99f5fafa8efc3101430754e51f1c0447205c43ca7a388

SHA512
417829f822b239d398a1fb513b41771801ae999151c7cb577b95b3174b4e7fac9dab243e9eed06c8186eec1e1d86522db2a377d717d57607f64f65b26fdf10ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe

Filesize
184KB

MD5
dc0114b64240261dc3db2b6d0462a29d

SHA1
e7a42b6c1ec71d1223587a9aba1c8b33938840de

SHA256
804524cd567b8e30383baa3e6b9e7d7c919a1b9270f188bf51cbcbef35a07609

SHA512
d7dacce71714a7a463daf2fae143b77a57ad7e879780b0be6bef92554c255420607dbb747c0f719019af1f1598403d9ca2c0d007b4ee50ab27fdaf459d5274ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe

Filesize
184KB

MD5
c64ca530771bd2436cd5125e37c10ae5

SHA1
749782f4e19c95070567b78e50652fcd1a4793c7

SHA256
3db32a397cf36627367dc29f4629e6406eb6085bcd50dc4323159e648b8e76f1

SHA512
d35ad1cc31c85a3631e3e5c691163d7fd057cc5f01f1f0c06f4bda13b489fd36f0648ff2398e306308c0296b635f3431e359ff63d942e4b67051e00b1989aec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2064.exe

Filesize
184KB

MD5
f886c7fc569c7b5f21a7349b648ccfbc

SHA1
2fe38fa383b5631219d3b479572e5f956d56c18a

SHA256
bd373eb42e40c4e80fd56f9e9f16c5967d885da23f4770ff93ffd83d37791e0c

SHA512
d6191a9999a1d2c04bde0b3741e6b075881072b45bc38aabaf075ac6e02c8aa37634c1a0dc5b97a5d91d2e1b2865d31b481a86b40da4872a130168ad565995e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20931.exe

Filesize
184KB

MD5
46619d6ab1800c0482f5d5f28a6582f1

SHA1
8f4fea1969e84e635a20dd6f8f3c62ac4c95ef84

SHA256
a7306c0102637ec6fb7db60dfa39ad99f435ce77246134e8171c88b3033a5da3

SHA512
273f062ee473e8ac3434dc11e935175d1cf1225787811cf39e3d5520220244560e971d53edcb2bddb974f35819ac852e21205e80c9dec80c72901ef30f79cd29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe

Filesize
184KB

MD5
267b0545077ee16f6bce3675a7040e5a

SHA1
2bc67a46bcea103b0d23c28d0500328fa73d51f3

SHA256
be0f01ec55516d74c644439e8e375bc4b55eec3739f933fd937b80a0d54794ac

SHA512
965c0de2a10a17bfbb88d93d695bfef6c9749909515913f325438a9fa7a8157da20c9c76110420e14de3d5f4ffcef6909f2e63bcef192143c738bfecfa2eb47c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe

Filesize
184KB

MD5
5b86cfd1ea773240faea412e099ee761

SHA1
52ea8ed8147aa4f2fc39a335f13373137f0ad5ac

SHA256
f84bff6ca60f1dac80afcd0628a7bf79850db5e70ba50e84d0cca121689b415b

SHA512
df989ab9fe487722e841ff89bd9ca1e17803e495001436c3c7a2f37f43e25b330f303e7ec905823c436da56c803069835b147efda3b6aad7e4b512358651da1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26336.exe

Filesize
184KB

MD5
4a160889c7b5e27db5e27761ed35cb25

SHA1
5e7a3f80dbd64e24052cbe1767a3d0400b370686

SHA256
f96cc3d5aa94f02d45e4ba1c2eabbc39bd09dcd976766bbad1251dcede705a53

SHA512
412bc6c9fe4274aaacf737982b3579f570605a8f4148697d8e0e6c079781b47db7184df444758b8cc86852d7780d9bffd98f8f2114afc34bde521017a1ab1e9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe

Filesize
184KB

MD5
400148355ddc30a49d9d69ceadad9506

SHA1
88c15faa60980de2f0648a6f4d7b22e141510430

SHA256
c4bd9699d54f848ddc1b42e971657f52204d88cfcd5b47e6b0ce2329c17e6306

SHA512
247d3d192c49fb3456bf6048048a72d9b233c93bdba787a956ef3b95080619af8f4a06f5b9c141d18f2e8541aafcef6e8f39a064c4a97d15f453f4746c4d47d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe

Filesize
184KB

MD5
997bc7dd265e363d4f1f8eec72cbb5ad

SHA1
8b4f9ab32592a2427f9575a43b2797b44d79d8ec

SHA256
6256c095e4d4e5874e4db96f1e7b0f51173751ddf00692071965f0bf36510ca5

SHA512
19b973f4a7f25b935a0113016b79019dc6f286370f9a9d1582dc7a256eca7bf96cde9955fd42b21417e19fb2ccc4977e7aaec4c816ae09d4fadd4a1681230d19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32763.exe

Filesize
184KB

MD5
7128499fd48074d162401e70e7bc7ebd

SHA1
5459d0a012f9d9ab1eb9ecb0cfb8266c4af8a4d7

SHA256
14572fdb2225fc3ef7b3082f154d0e3f10e8389be4807dea1361ac39ac77adeb

SHA512
4dc112417e3677217fabcd19b93ed030ddb6d3458d772da6df07a61d6e5b7c5fe89ae52f7848332290d46e79aa79b85736d492aa57624fe166eba1a10e22137a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe

Filesize
184KB

MD5
6006607fa9fc40076029c359e1100d7f

SHA1
b66ad428e619d15f7191506a86d7ec3331232134

SHA256
47e8c1bf565abb136e64741dc9539787a8b2d257c1134ebfecbfc61a53347f70

SHA512
7350aeff7d3c72b56ff35d487b7f8f71684dc4c385e0dc407f817712a07d20ecc17122a2d17ba8d9250504e2b6e43ae1283cb7333b2a7ae46fd1195825d08efc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe

Filesize
184KB

MD5
ea393858f40aea00fc0b4181bebfcba6

SHA1
5f3c0430d6ce1e813815006eca582b6ddf67b9a2

SHA256
b898525f7e996c690c47ebb0dad1f539d0b086bac5397d23b23fb862f03a8248

SHA512
20ea8dd566628c58f1971f708049fa3d7908e0300fc53ceb36912f3311200075d56f3fce33ae46287e1185510ceb8a1fca9105081a430242f1fa006082ec6b5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35819.exe

Filesize
184KB

MD5
3d78e9c0152f3e97a70a2b8e55883a3b

SHA1
a017fb7b4f1561134ed608e6d0bce17beeb0d9d6

SHA256
a559ffaef00a008631be22b0b6e5951e1b6d7fbfcaf37266effd9c6c80cb4b44

SHA512
a91b8057709f578f3a2dda6e796a1c5a48d3a580c582f42918cc56961bf36af5594efa6e9948dfb050c2356397870359dc227b4b1619ba722e974af3d345166b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37209.exe

Filesize
184KB

MD5
139e7d0860c12b4226ac7f99641673d0

SHA1
328cf9e5bc24eb48a39e267ca7729b1a91868076

SHA256
da2bad25047a8bd8378affc962ad311062a199362e697839b4c3465150479e79

SHA512
d2fcd2909570648a77d4e9de04ba7e8bbf9d3484535928df3861ff140d8c325ff58555ea66b73098961e0483186952f2e3c8242bd950cfdfe22e67a71d4e9550

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3738.exe

Filesize
184KB

MD5
3bd16b011a09225c8c01a5a9c947957c

SHA1
7a3198f60f66a44068f82f22fa79be8c421d2a13

SHA256
4f9f61878c1727b74b50309c407c0088d724cd67337e39eccc84b8021fec5562

SHA512
ec2d8464d15b94e7a07b2b5d13cfb31c6abc9d9a406fdf8d45c10cdbcd55258c3c8617b6223e82e7c8a823a47437a56cd38fe8c76ac4a074b8cc978fdb7c94ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe

Filesize
184KB

MD5
9f1c4d4f89b7c7c109a7d3ef5d260cab

SHA1
42c967b606ffc9bfa753c3aa1a988092577771f2

SHA256
38cd570d61cb5a770d177b3a0af98855deeb454184dd46e4998d85d90cc2379c

SHA512
a394258b84a9b0c578e236c3426ba116548c52b13553d945cc325c3d7d2632b3f7ed0dfe1251ac7e570dd787ed5c6f32c54119a81700691137c52ec996923f18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe

Filesize
184KB

MD5
9c8279cf684a11329526b9d53f0cabfc

SHA1
318b7e8b158437c15a4254dbd80d69d2c22a2348

SHA256
407d1b1ff2e7f85f24ddcbafe46177d0b6d49c4df5a7bf7485ba78ef37f56376

SHA512
09cf7f2e42b63e08fd166a0f5d6f9542e81840ea37284a2c090b7c3d97f1594bf303f2df1e80d41d38f182e75e41348e9e74852fd7c554340bf476bf769a8330

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4521.exe

Filesize
184KB

MD5
b1824834fd186ee0be34be22b89c9737

SHA1
e2a31e74942c179ce656c20eccd6896d00e5876c

SHA256
cdb71d18c36c5962be8264f383a0cd33f9ebddc48287ae781e2112233032a675

SHA512
1faafede83ed7ce098d1d8d0e2609d5edcada1f78c303c03358499c63d853870dbdd4c19f8e0cc2acac968954bbb617451aa190594ac600479aab3bd8edc91b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe

Filesize
184KB

MD5
7013c6495bc1afbd35aa0bad89a11c23

SHA1
e29aaa34748dc251c22352cf43a286a21de9a5f3

SHA256
6243b6b97873f41e78fa52866d95579861fb9b2d20bd43ada347fb87d8056b7e

SHA512
98663eb154fd10132976b76092af00cfe7bf3fdca2520be2c9c719a7d7b53f017d0d3fbb3961997ff6ae7a69a8997ba4cb6fef8c189dd1a3fe89fd88fa1f2bf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe

Filesize
184KB

MD5
9631699314e058c70a5a909fe0f60596

SHA1
9e54e705db0debcf35ebdd04836e1ab6f97aa62c

SHA256
4f030e0a3677debad1307737f4f7fcb016246b1ce7017c4d38f8851797c6973e

SHA512
da6fb75cf91a30f90b2ec570fbd1f5b7255dae44c688eec6487c5287508c11332627a3b59bef4d66bc204774e1dfcec53afbfad89e2ff6ef1b8d517931e7aaa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe

Filesize
184KB

MD5
18023190bdf741ed9c0d3612635d7f3d

SHA1
b143502b8408668c28a52015ffa066bb692629c4

SHA256
8cc4ef8be6ddaee36170ef6dc6092063aceb06b617d694ac0948316d021db080

SHA512
58fc32b67f29aad8be8e15ba47d764dfe6261e35de18d8d4a7749448fa43a42eb64fc13aa48bed207c5d753c6e130b0dba5bea2867879ea92c5ad8fbf0661691

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe

Filesize
184KB

MD5
d9106e699fc01792b9369ffa34c1e197

SHA1
2bbba0c8c46aa63049e4ece65d01efa6899dc73d

SHA256
5919c6e9b0d7a76e3060d74b1e136fe6dbc3b17e3b0e66b2fbf3badaccaa7d41

SHA512
fc47a8a2997f4129c91de62198435316ee963f293f097ecb28d31b0aa13c66e03ff3c630525a07fa2a1c02c4335b7883a605cda1adfb451f4199a56967f9b5a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe

Filesize
184KB

MD5
54dd9771788069920f6ffc9718bf8268

SHA1
0a5f29c230693bb178fee0ea3d737e11555c092d

SHA256
833efaaecf00ba226754889fd039a90d3746572e61c57eae38b72c628dc24074

SHA512
010ad86f6b597334908302dd442961295c7bbeac9253cbafdb0937949b56a86e7fc7657b54db750c2be2b38f608b44f0a8dcd0dd21cabded12d3719ffe3833ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5466.exe

Filesize
184KB

MD5
318d6c566ce316e928f8f97f5e1fea93

SHA1
038869634226bab2082574fad6529334f61cbb4c

SHA256
b916681fd58ce7f4eb0b5913d89e309a336b7de1e9694a8723fb288b5fc55409

SHA512
a5717594f7d4cd5f3a77cfb476f0ce15339fcf49da37bd32cc7748b81310fab56d772539e47af9da2d5de540355bbd29ce728bdf7eeaf0829777adba75cbdf1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe

Filesize
184KB

MD5
6455349f5a8ca17854a846f8132801f5

SHA1
cb67e0dea8cca415d8db2a27a21a63853fa53e2e

SHA256
6bc4b043f5bf7cf02abc8dc0419ae9d533126a9e2d4b5272ebbb5d13477fde40

SHA512
2530798643a9425611823c0b7d1a78a7568caff65bdad4f7beb6ee0b39dc5d112704f42717d391543e858aa21349d3c5b4e68facef5ec6b108f6dfdba436f2cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63417.exe

Filesize
184KB

MD5
925fa7a88f8ecb480dc00a19f3a38868

SHA1
7aac338caaf38e5141bb60ecdddf044d0d349cdc

SHA256
cf67403fcfe73e5079330aa9f3e3d80cae48f7e32fe625b0c26c03f98021c921

SHA512
c10ed248038cb36ecd81856f540b60dafbb602cbc442c518444113bc5292694794c86d77a7596dbc9e21714490d83aaed4ecacb4e9909625378f5b04caa1483d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe

Filesize
184KB

MD5
25287665b6af4374a874e70cf81032c5

SHA1
d761e29bc19031ac982efc29897bb6d675abd282

SHA256
2cdd29b7cde95183650b912bdc15dac14eaa67b786f029243cc89e89c9c8e8f6

SHA512
288f3df4e211f4400b9a0b82a77b6b227a65f60fde8e4b47aea6857d79088ced17f930bc8e12e8c261bac25f9970b6bed2a6e90ab08c22d00324ec51ca9aa8a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe

Filesize
184KB

MD5
50748a182ac03f9ebce2f3eb4e639d8a

SHA1
9110216d006ca77b284bd92a4faaef0a4aaf92ed

SHA256
66e29bb31375edf2066107fe265c65f3794ee2115f8aabb8889e8e3f27aa1bb8

SHA512
faa0e640e59f3bf3f04f6122ab0231d36732b382fcc7a41ea21aedaf480521ab1353f818cdaf19cf86e272f2c210170195eddd08648c4bf850737bdb65c1f12d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe

Filesize
184KB

MD5
816169cfb703a2e29d1bf335952f8239

SHA1
3aa57bd81744f69f266b0b27642afb9d56c7ee7a

SHA256
addb70d430e29be8da21a31f03ba23b1d71892003cfd93c59d745c5c94555c9c

SHA512
a6e824fb4a1f11bbdaae4be369ab13f60cea3b3ea835ad521b23bf41b5e75ca550ec070a52aa3d7e795fd36ebf372eb7c7a2b350cb05a5ac5d81012e0675590a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe

Filesize
184KB

MD5
cbd357e4a3a8037e61cee0bffad49c77

SHA1
883f02c6589c04734fbb12921904b484444ccf17

SHA256
5a193913c155acc4952d2321ba27653c280f759bafb6c6cf4c0d534527f73e2d

SHA512
2b9401ed8361fd51696737d6820e1455ef7a0b11808e110e251cbfefa5b78a36e834623124e4070e7c25a49f77176f49a42e82f0ae4e7fd158b47c6fb6462d98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe

Filesize
184KB

MD5
bf64183e1908600ba8d5e83c85aa37bf

SHA1
05f54e3ad02f2e2bfb424434c60eda064fc68941

SHA256
8f190b267c83686a1ab00109a01418864ab8e44ddeaac365fa98ab2586d96b12

SHA512
5c223d1c3c831fad168c86cdf33c4c90e1fcaadf545c999a30098c2b9985e6615335521f9c06d5477ae964e0de862ede252173f727ee4e49068e0a2fb28d56ae

Download Submit
memory/2920-3087-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16580-3115-0x0000000075200000-0x0000000075274000-memory.dmp

Filesize
464KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads