21ec06c2b96968226c5dc18e512d763c7db25aa1f4fb46d1d5f31ce5fbe2f5a0

Analysis

max time kernel
150s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 11:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c6c0c17f85cc8fc1ab3c5aa95b6cda0_NeikiAnalytics.exe
Size

184KB
MD5

7c6c0c17f85cc8fc1ab3c5aa95b6cda0
SHA1

734fa142fa3e997f1503578e1893c584a864df12
SHA256

21ec06c2b96968226c5dc18e512d763c7db25aa1f4fb46d1d5f31ce5fbe2f5a0
SHA512

f0945b8159d29b455d95796b8f050a37d08b298513dce4f7b05f2c425d6576e53e60f5b447be816c0505c66f0ac0908b741d331d4bdb7eb1f79d90c9baee0f35
SSDEEP

3072:NOtRnCoIJHOhdhntZvB8/9MQlv9qnviuK:NOCotvhnB81MQllqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4716	Unicorn-41931.exe
1864	Unicorn-56451.exe
1016	Unicorn-28417.exe
3368	Unicorn-46311.exe
1884	Unicorn-38143.exe
1848	Unicorn-18277.exe
3276	Unicorn-25188.exe
3996	Unicorn-37323.exe
1052	Unicorn-9289.exe
3536	Unicorn-20987.exe
216	Unicorn-54406.exe
1760	Unicorn-4458.exe
2516	Unicorn-61827.exe
536	Unicorn-47529.exe
1616	Unicorn-53394.exe
3248	Unicorn-56887.exe
2948	Unicorn-20685.exe
2672	Unicorn-32191.exe
3972	Unicorn-11578.exe
1596	Unicorn-64863.exe
1800	Unicorn-64863.exe
2540	Unicorn-60587.exe
4712	Unicorn-38121.exe
1920	Unicorn-38121.exe
4288	Unicorn-24910.exe
3348	Unicorn-5309.exe
380	Unicorn-16244.exe
4432	Unicorn-63083.exe
636	Unicorn-35049.exe
588	Unicorn-38579.exe
2588	Unicorn-24088.exe
4668	Unicorn-55470.exe
3144	Unicorn-55470.exe
2452	Unicorn-21348.exe
1100	Unicorn-21348.exe
3576	Unicorn-55683.exe
2496	Unicorn-19481.exe
3600	Unicorn-55491.exe
4324	Unicorn-19289.exe
4840	Unicorn-7790.exe
4568	Unicorn-37125.exe
3556	Unicorn-44547.exe
5140	Unicorn-28211.exe
5168	Unicorn-19851.exe
5184	Unicorn-15767.exe
5216	Unicorn-53270.exe
5160	Unicorn-19851.exe
5232	Unicorn-49186.exe
5248	Unicorn-51953.exe
5276	Unicorn-50669.exe
5284	Unicorn-56534.exe
5192	Unicorn-15767.exe
5132	Unicorn-27946.exe
5296	Unicorn-31333.exe
5556	Unicorn-41999.exe
5576	Unicorn-1521.exe
5596	Unicorn-13218.exe
5640	Unicorn-39761.exe
5680	Unicorn-58143.exe
5708	Unicorn-9497.exe
5744	Unicorn-8750.exe
5772	Unicorn-53410.exe
5828	Unicorn-63379.exe
5820	Unicorn-63379.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
10876	6268	WerFault.exe	265
11864	7688	WerFault.exe	326
14944	7468	WerFault.exe	289
16952	7468	WerFault.exe	289
11500	4980	Process not Found
16588	6916	Process not Found	1038
16756	7216	Process not Found	984
6756	7720	Process not Found	1008

Checks SCSI registry key(s) 3 TTPs 10 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17832	dwm.exe
Token: SeChangeNotifyPrivilege	17832	dwm.exe
Token: 33	17832	dwm.exe
Token: SeIncBasePriorityPrivilege	17832	dwm.exe
Token: SeCreateGlobalPrivilege	14992	Process not Found
Token: SeChangeNotifyPrivilege	14992	Process not Found
Token: 33	14992	Process not Found
Token: SeIncBasePriorityPrivilege	14992	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1924	7c6c0c17f85cc8fc1ab3c5aa95b6cda0_NeikiAnalytics.exe
4716	Unicorn-41931.exe
1864	Unicorn-56451.exe
1016	Unicorn-28417.exe
3368	Unicorn-46311.exe
3276	Unicorn-25188.exe
1884	Unicorn-38143.exe
1848	Unicorn-18277.exe
3996	Unicorn-37323.exe
1052	Unicorn-9289.exe
3536	Unicorn-20987.exe
216	Unicorn-54406.exe
1760	Unicorn-4458.exe
536	Unicorn-47529.exe
1616	Unicorn-53394.exe
2516	Unicorn-61827.exe
3248	Unicorn-56887.exe
2948	Unicorn-20685.exe
2672	Unicorn-32191.exe
3972	Unicorn-11578.exe
1596	Unicorn-64863.exe
1920	Unicorn-38121.exe
3348	Unicorn-5309.exe
4712	Unicorn-38121.exe
380	Unicorn-16244.exe
1800	Unicorn-64863.exe
4288	Unicorn-24910.exe
2540	Unicorn-60587.exe
4432	Unicorn-63083.exe
636	Unicorn-35049.exe
588	Unicorn-38579.exe
2588	Unicorn-24088.exe
4668	Unicorn-55470.exe
3144	Unicorn-55470.exe
1100	Unicorn-21348.exe
2452	Unicorn-21348.exe
3576	Unicorn-55683.exe
2496	Unicorn-19481.exe
3600	Unicorn-55491.exe
4324	Unicorn-19289.exe
4840	Unicorn-7790.exe
3556	Unicorn-44547.exe
5184	Unicorn-15767.exe
4568	Unicorn-37125.exe
5168	Unicorn-19851.exe
5232	Unicorn-49186.exe
5216	Unicorn-53270.exe
5248	Unicorn-51953.exe
5160	Unicorn-19851.exe
5132	Unicorn-27946.exe
5276	Unicorn-50669.exe
5284	Unicorn-56534.exe
5140	Unicorn-28211.exe
5192	Unicorn-15767.exe
5296	Unicorn-31333.exe
5556	Unicorn-41999.exe
5576	Unicorn-1521.exe
5596	Unicorn-13218.exe
5640	Unicorn-39761.exe
5680	Unicorn-58143.exe
5708	Unicorn-9497.exe
5744	Unicorn-8750.exe
5772	Unicorn-53410.exe
5828	Unicorn-63379.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 4716	1924	7c6c0c17f85cc8fc1ab3c5aa95b6cda0_NeikiAnalytics.exe	96
PID 1924 wrote to memory of 4716	1924	7c6c0c17f85cc8fc1ab3c5aa95b6cda0_NeikiAnalytics.exe	96
PID 1924 wrote to memory of 4716	1924	7c6c0c17f85cc8fc1ab3c5aa95b6cda0_NeikiAnalytics.exe	96
PID 4716 wrote to memory of 1864	4716	Unicorn-41931.exe	101
PID 4716 wrote to memory of 1864	4716	Unicorn-41931.exe	101
PID 4716 wrote to memory of 1864	4716	Unicorn-41931.exe	101
PID 1924 wrote to memory of 1016	1924	7c6c0c17f85cc8fc1ab3c5aa95b6cda0_NeikiAnalytics.exe	102
PID 1924 wrote to memory of 1016	1924	7c6c0c17f85cc8fc1ab3c5aa95b6cda0_NeikiAnalytics.exe	102
PID 1924 wrote to memory of 1016	1924	7c6c0c17f85cc8fc1ab3c5aa95b6cda0_NeikiAnalytics.exe	102
PID 1864 wrote to memory of 3368	1864	Unicorn-56451.exe	104
PID 1864 wrote to memory of 3368	1864	Unicorn-56451.exe	104
PID 1864 wrote to memory of 3368	1864	Unicorn-56451.exe	104
PID 1016 wrote to memory of 1884	1016	Unicorn-28417.exe	106
PID 1016 wrote to memory of 1884	1016	Unicorn-28417.exe	106
PID 1016 wrote to memory of 1884	1016	Unicorn-28417.exe	106
PID 4716 wrote to memory of 1848	4716	Unicorn-41931.exe	105
PID 4716 wrote to memory of 1848	4716	Unicorn-41931.exe	105
PID 4716 wrote to memory of 1848	4716	Unicorn-41931.exe	105
PID 1924 wrote to memory of 3276	1924	7c6c0c17f85cc8fc1ab3c5aa95b6cda0_NeikiAnalytics.exe	107
PID 1924 wrote to memory of 3276	1924	7c6c0c17f85cc8fc1ab3c5aa95b6cda0_NeikiAnalytics.exe	107
PID 1924 wrote to memory of 3276	1924	7c6c0c17f85cc8fc1ab3c5aa95b6cda0_NeikiAnalytics.exe	107
PID 3368 wrote to memory of 3996	3368	Unicorn-46311.exe	111
PID 3368 wrote to memory of 3996	3368	Unicorn-46311.exe	111
PID 3368 wrote to memory of 3996	3368	Unicorn-46311.exe	111
PID 1864 wrote to memory of 1052	1864	Unicorn-56451.exe	112
PID 1864 wrote to memory of 1052	1864	Unicorn-56451.exe	112
PID 1864 wrote to memory of 1052	1864	Unicorn-56451.exe	112
PID 1884 wrote to memory of 3536	1884	Unicorn-38143.exe	113
PID 1884 wrote to memory of 3536	1884	Unicorn-38143.exe	113
PID 1884 wrote to memory of 3536	1884	Unicorn-38143.exe	113
PID 1016 wrote to memory of 216	1016	Unicorn-28417.exe	114
PID 1016 wrote to memory of 216	1016	Unicorn-28417.exe	114
PID 1016 wrote to memory of 216	1016	Unicorn-28417.exe	114
PID 3276 wrote to memory of 1760	3276	Unicorn-25188.exe	115
PID 3276 wrote to memory of 1760	3276	Unicorn-25188.exe	115
PID 3276 wrote to memory of 1760	3276	Unicorn-25188.exe	115
PID 1848 wrote to memory of 2516	1848	Unicorn-18277.exe	116
PID 1848 wrote to memory of 2516	1848	Unicorn-18277.exe	116
PID 1848 wrote to memory of 2516	1848	Unicorn-18277.exe	116
PID 4716 wrote to memory of 536	4716	Unicorn-41931.exe	117
PID 4716 wrote to memory of 536	4716	Unicorn-41931.exe	117
PID 4716 wrote to memory of 536	4716	Unicorn-41931.exe	117
PID 1924 wrote to memory of 1616	1924	7c6c0c17f85cc8fc1ab3c5aa95b6cda0_NeikiAnalytics.exe	118
PID 1924 wrote to memory of 1616	1924	7c6c0c17f85cc8fc1ab3c5aa95b6cda0_NeikiAnalytics.exe	118
PID 1924 wrote to memory of 1616	1924	7c6c0c17f85cc8fc1ab3c5aa95b6cda0_NeikiAnalytics.exe	118
PID 3996 wrote to memory of 3248	3996	Unicorn-37323.exe	119
PID 3996 wrote to memory of 3248	3996	Unicorn-37323.exe	119
PID 3996 wrote to memory of 3248	3996	Unicorn-37323.exe	119
PID 3368 wrote to memory of 2948	3368	Unicorn-46311.exe	120
PID 3368 wrote to memory of 2948	3368	Unicorn-46311.exe	120
PID 3368 wrote to memory of 2948	3368	Unicorn-46311.exe	120
PID 1052 wrote to memory of 2672	1052	Unicorn-9289.exe	121
PID 1052 wrote to memory of 2672	1052	Unicorn-9289.exe	121
PID 1052 wrote to memory of 2672	1052	Unicorn-9289.exe	121
PID 1760 wrote to memory of 3972	1760	Unicorn-4458.exe	122
PID 1760 wrote to memory of 3972	1760	Unicorn-4458.exe	122
PID 1760 wrote to memory of 3972	1760	Unicorn-4458.exe	122
PID 1616 wrote to memory of 1596	1616	Unicorn-53394.exe	123
PID 1616 wrote to memory of 1596	1616	Unicorn-53394.exe	123
PID 1616 wrote to memory of 1596	1616	Unicorn-53394.exe	123
PID 2516 wrote to memory of 1800	2516	Unicorn-61827.exe	124
PID 2516 wrote to memory of 1800	2516	Unicorn-61827.exe	124
PID 2516 wrote to memory of 1800	2516	Unicorn-61827.exe	124
PID 536 wrote to memory of 2540	536	Unicorn-47529.exe	125

C:\Users\Admin\AppData\Local\Temp\7c6c0c17f85cc8fc1ab3c5aa95b6cda0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7c6c0c17f85cc8fc1ab3c5aa95b6cda0_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56451.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46311.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37323.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63083.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe
        9⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        10⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        10⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        10⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19143.exe
        10⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe
        9⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8072.exe
        9⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
        9⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        9⤵
        
        PID:17440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        8⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
        9⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        9⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        9⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22506.exe
        9⤵
        
        PID:17908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
        8⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
        8⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23352.exe
        8⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        8⤵
        
        PID:17388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
        8⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
        9⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        10⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        9⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
        9⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        9⤵
        
        PID:17056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5541.exe
        9⤵
        
        PID:17584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        8⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4254.exe
        9⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 640
        9⤵
        Program crash
        
        PID:14944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 640
        9⤵
        Program crash
        
        PID:16952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
        8⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35552.exe
        8⤵
        
        PID:16156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59169.exe
        7⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        8⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42703.exe
        9⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        9⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24777.exe
        9⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
        8⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
        8⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        8⤵
        
        PID:17868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        7⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29008.exe
        7⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        7⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60063.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
        7⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2777.exe
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6418.exe
        9⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
        9⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        9⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
        9⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27864.exe
        8⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56506.exe
        8⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
        8⤵
        
        PID:15604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25613.exe
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49326.exe
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24903.exe
        8⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57518.exe
        8⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
        8⤵
        
        PID:15968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23800.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        7⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18692.exe
        7⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        7⤵
        
        PID:17460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
        7⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14806.exe
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-554.exe
        9⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        9⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49936.exe
        9⤵
        
        PID:17732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
        8⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        8⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57342.exe
        8⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
        8⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17725.exe
        7⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3220.exe
        7⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        7⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
        7⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33592.exe
        7⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        6⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        7⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
        7⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
        7⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9584.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53122.exe
        6⤵
        
        PID:11436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60447.exe
        6⤵
        
        PID:14964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38532.exe
        6⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26060.exe
        6⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58143.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44687.exe
        8⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
        9⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        9⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        9⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        9⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        9⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60102.exe
        8⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        8⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        8⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        8⤵
        
        PID:17448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18235.exe
        8⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
        8⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50029.exe
        8⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23800.exe
        8⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        7⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18692.exe
        7⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        7⤵
        
        PID:17468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9497.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe
        8⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        8⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46579.exe
        8⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12245.exe
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53014.exe
        7⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        7⤵
        
        PID:17664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe
        7⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        6⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36823.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        7⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        7⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11167.exe
        7⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10709.exe
        6⤵
        
        PID:14884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29939.exe
        6⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
        6⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8750.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26979.exe
        8⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        8⤵
        
        PID:12752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
        8⤵
        
        PID:16516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36557.exe
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        7⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32786.exe
        7⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        7⤵
        
        PID:17608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50094.exe
        6⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
        7⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43065.exe
        7⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
        7⤵
        
        PID:15680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54013.exe
        7⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        6⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        6⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
        6⤵
        
        PID:17692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4806.exe
        6⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27887.exe
        7⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
        7⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        7⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29330.exe
        7⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        7⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26853.exe
        6⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39977.exe
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        6⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59533.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31971.exe
        6⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62002.exe
        6⤵
        
        PID:16748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exe
        6⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
        5⤵
        
        PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        5⤵
        
        PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
        5⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe
        5⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        5⤵
        
        PID:10724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9289.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55683.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
        8⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6558.exe
        9⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
        9⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-828.exe
        9⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        9⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
        8⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        8⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
        8⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        8⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
        7⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16471.exe
        8⤵
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        7⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
        7⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41807.exe
        7⤵
        
        PID:16652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37487.exe
        7⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19585.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59783.exe
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58831.exe
        8⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        8⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
        8⤵
        
        PID:16388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
        7⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        7⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
        7⤵
        
        PID:15732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe
        7⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6756.exe
        6⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 636
        7⤵
        Program crash
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62169.exe
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60050.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
        6⤵
        
        PID:17760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        6⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19481.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        6⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
        7⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34217.exe
        7⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
        7⤵
        
        PID:15080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2661.exe
        7⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        7⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18692.exe
        6⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        6⤵
        
        PID:17428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
        6⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16600.exe
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        6⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30383.exe
        7⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        7⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        7⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
        7⤵
        
        PID:16976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
        6⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        6⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
        6⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
        6⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24337.exe
        6⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
        5⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
        6⤵
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        6⤵
        
        PID:17616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22523.exe
        6⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15308.exe
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        5⤵
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        5⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33960.exe
        5⤵
        
        PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
        7⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        7⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        7⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-445.exe
        7⤵
        
        PID:16908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        7⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
        7⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6233.exe
        6⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55842.exe
        6⤵
        
        PID:14024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
        6⤵
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
        6⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61002.exe
        5⤵
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
        6⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
        6⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
        6⤵
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46913.exe
        6⤵
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe
        5⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47857.exe
        5⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        5⤵
        
        PID:17284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32698.exe
        5⤵
        
        PID:11716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27946.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60639.exe
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1210.exe
        6⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe
        7⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe
        7⤵
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35805.exe
        6⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40134.exe
        6⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
        6⤵
        
        PID:17828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3917.exe
        6⤵
        
        PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35589.exe
        5⤵
        
        PID:7784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23352.exe
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57010.exe
        5⤵
        
        PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
      4⤵
      PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
        5⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28007.exe
        6⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52682.exe
        6⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        6⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34881.exe
        5⤵
        
        PID:11040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        5⤵
        
        PID:14308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41774.exe
        5⤵
        
        PID:17396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61326.exe
      4⤵
      PID:7316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
      4⤵
      PID:10928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2352.exe
      4⤵
      PID:14644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe
      4⤵
      PID:17380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58657.exe
      4⤵
      PID:6048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61827.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        7⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        8⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
        9⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        9⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
        9⤵
        
        PID:16096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37868.exe
        9⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        8⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        8⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        8⤵
        
        PID:17112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        8⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38529.exe
        7⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        7⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
        7⤵
        
        PID:16676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
        6⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
        7⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
        8⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        8⤵
        
        PID:17624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        8⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
        7⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44218.exe
        7⤵
        
        PID:16288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61286.exe
        7⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57301.exe
        6⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47591.exe
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        7⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
        7⤵
        
        PID:16440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45652.exe
        7⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        6⤵
        
        PID:13768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        6⤵
        
        PID:17048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        6⤵
        
        PID:12156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64723.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        7⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39667.exe
        8⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        8⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
        8⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        7⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
        7⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        7⤵
        
        PID:17060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
        7⤵
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe
        6⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38529.exe
        6⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        6⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
        6⤵
        
        PID:16828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        6⤵
        
        PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        6⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
        7⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        7⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
        7⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
        6⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        6⤵
        
        PID:17288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
        6⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
        5⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        6⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        5⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
        5⤵
        
        PID:13304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        5⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
        5⤵
        
        PID:18360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
        6⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
        7⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54830.exe
        7⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        7⤵
        
        PID:17328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14487.exe
        7⤵
        
        PID:18392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
        6⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
        6⤵
        
        PID:15088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20000.exe
        6⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        6⤵
        
        PID:7708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2334.exe
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
        6⤵
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe
        6⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        6⤵
        
        PID:17832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28363.exe
        6⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
        5⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
        5⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe
        5⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11167.exe
        5⤵
        
        PID:11708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        6⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
        6⤵
        
        PID:15672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16980.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        5⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        5⤵
        
        PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
        5⤵
        
        PID:16016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54934.exe
        5⤵
        
        PID:6456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
      4⤵
      PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13906.exe
        5⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
        5⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29276.exe
        5⤵
        
        PID:17836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
        5⤵
        
        PID:11548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5597.exe
      4⤵
      PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
      4⤵
      PID:12764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
      4⤵
      PID:16320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
      4⤵
      PID:1504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10649.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61791.exe
        6⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
        7⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        8⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        7⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21492.exe
        7⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47394.exe
        7⤵
        
        PID:17480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
        7⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36294.exe
        6⤵
        
        PID:14516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42333.exe
        6⤵
        
        PID:17768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
        6⤵
        
        PID:17936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48801.exe
        5⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-450.exe
        6⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        6⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        6⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
        5⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49311.exe
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29319.exe
        5⤵
        
        PID:7072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        6⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
        7⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        7⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe
        7⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
        6⤵
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
        6⤵
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24741.exe
        6⤵
        
        PID:15864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        6⤵
        
        PID:10444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16949.exe
        5⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        6⤵
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
        6⤵
        
        PID:14404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53781.exe
        6⤵
        
        PID:17588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
        6⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        5⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
        5⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
        5⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe
        5⤵
        
        PID:7196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
        5⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
        6⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53781.exe
        6⤵
        
        PID:17656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13204.exe
        5⤵
        
        PID:11072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        5⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45361.exe
        5⤵
        
        PID:15564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18564.exe
        5⤵
        
        PID:17812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
      4⤵
      PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28775.exe
        5⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        5⤵
        
        PID:17632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40676.exe
        5⤵
        
        PID:8836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
      4⤵
      PID:9452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
      4⤵
      PID:13948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
      4⤵
      PID:17308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exe
      4⤵
      PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
      4⤵
      PID:10996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24910.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
        6⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4181.exe
        6⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        6⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
        6⤵
        
        PID:16800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
        6⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30929.exe
        5⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48738.exe
        6⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        6⤵
        
        PID:18424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
        5⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe
        5⤵
        
        PID:16404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
        5⤵
        
        PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
      4⤵
      PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        5⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        6⤵
        
        PID:10948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        6⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        6⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58104.exe
        6⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4181.exe
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
        5⤵
        
        PID:16920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        5⤵
        
        PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
      4⤵
      PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55163.exe
        5⤵
        
        PID:18404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45545.exe
        5⤵
        
        PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35842.exe
      4⤵
      PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
      4⤵
      PID:13600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36697.exe
      4⤵
      PID:16888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28068.exe
      4⤵
      PID:5864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30707.exe
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe
        5⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
        6⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33013.exe
        6⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32924.exe
        6⤵
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3188.exe
        6⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27096.exe
        5⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2801.exe
        5⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58869.exe
        5⤵
        
        PID:17732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17333.exe
      4⤵
      PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
      4⤵
      PID:10060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
      4⤵
      PID:13368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
      4⤵
      PID:16696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
      4⤵
      PID:17680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
      4⤵
      PID:4980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
    3⤵
    PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
      4⤵
      PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32651.exe
        5⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
        5⤵
        
        PID:15556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
        5⤵
        
        PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
      4⤵
      PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62309.exe
      4⤵
      PID:13960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24741.exe
      4⤵
      PID:220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47690.exe
      4⤵
      PID:1992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45903.exe
    3⤵
    PID:7524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55376.exe
    3⤵
    PID:6980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
    3⤵
    PID:13608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31097.exe
    3⤵
    PID:16868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45033.exe
    3⤵
    PID:11980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
        6⤵
        Executes dropped EXE
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
        8⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        8⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
        8⤵
        
        PID:15664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62022.exe
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53765.exe
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
        7⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        7⤵
        
        PID:18304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40139.exe
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe
        8⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
        8⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2572.exe
        8⤵
        
        PID:18120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57778.exe
        8⤵
        
        PID:18264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        8⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        7⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        7⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19729.exe
        7⤵
        
        PID:18124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58488.exe
        7⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        6⤵
        
        PID:14432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
        6⤵
        
        PID:17880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54934.exe
        6⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20300.exe
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8506.exe
        6⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        7⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 640
        8⤵
        Program crash
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26152.exe
        7⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        7⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
        7⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        6⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64481.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        6⤵
        
        PID:14836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50021.exe
        6⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53166.exe
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
        6⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-828.exe
        6⤵
        
        PID:15552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
        5⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        5⤵
        
        PID:14508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22544.exe
        5⤵
        
        PID:18384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5309.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62279.exe
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52701.exe
        7⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        7⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        7⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        7⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
        6⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        6⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
        7⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20149.exe
        7⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40336.exe
        7⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
        6⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47857.exe
        6⤵
        
        PID:14748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe
        6⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe
        6⤵
        
        PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56918.exe
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64562.exe
        6⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10502.exe
        7⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
        7⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe
        7⤵
        
        PID:17736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        7⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        6⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
        6⤵
        
        PID:12888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        6⤵
        
        PID:17028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54742.exe
        6⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
        5⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        6⤵
        
        PID:13520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60274.exe
        6⤵
        
        PID:16940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
        6⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23590.exe
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        5⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        5⤵
        
        PID:16840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23984.exe
        5⤵
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50669.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
        6⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
        7⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43169.exe
        7⤵
        
        PID:17272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64988.exe
        7⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
        6⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        6⤵
        
        PID:16932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38329.exe
        5⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13849.exe
        5⤵
        
        PID:13776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        5⤵
        
        PID:17032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
        5⤵
        
        PID:10932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
      4⤵
      PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38735.exe
        5⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        6⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
        5⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-253.exe
        5⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        5⤵
        
        PID:18392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
        5⤵
        
        PID:10880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
      4⤵
      PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10637.exe
        5⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
        5⤵
        
        PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
      4⤵
      PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15034.exe
      4⤵
      PID:13984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57660.exe
      4⤵
      PID:17360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
      4⤵
      PID:12040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8506.exe
        6⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        7⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
        7⤵
        
        PID:16392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23800.exe
        7⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
        6⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32962.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63565.exe
        6⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe
        6⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        6⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        6⤵
        
        PID:11696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        6⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        6⤵
        
        PID:17740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        6⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
        5⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        5⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        5⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
        5⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe
        5⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
        5⤵
        
        PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
      4⤵
      PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        5⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
        6⤵
        
        PID:15068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2661.exe
        6⤵
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18160.exe
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        5⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        5⤵
        
        PID:18356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
        5⤵
        
        PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18293.exe
      4⤵
      PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55951.exe
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26537.exe
        5⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
        5⤵
        
        PID:16292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52389.exe
        5⤵
        
        PID:11172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
      4⤵
      PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
      4⤵
      PID:12212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30655.exe
      4⤵
      PID:15652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59341.exe
      4⤵
      PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
      4⤵
      PID:11572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        6⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28375.exe
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        7⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        7⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23641.exe
        6⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        6⤵
        
        PID:12816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        6⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36782.exe
        6⤵
        
        PID:17424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14785.exe
        5⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36735.exe
        6⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        6⤵
        
        PID:15624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
        6⤵
        
        PID:18336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34006.exe
        6⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45852.exe
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31128.exe
        5⤵
        
        PID:9356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34270.exe
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
        5⤵
        
        PID:17200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        5⤵
        
        PID:18332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61002.exe
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        5⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        5⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38074.exe
        5⤵
        
        PID:17168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12987.exe
        5⤵
        
        PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24252.exe
      4⤵
      PID:8380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
      4⤵
      PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27244.exe
      4⤵
      PID:14852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
      4⤵
      PID:15832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56534.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
      4⤵
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29223.exe
        5⤵
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28109.exe
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52909.exe
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55894.exe
        5⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        5⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
        5⤵
        
        PID:18192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
      4⤵
      PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
      4⤵
      PID:11032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37228.exe
      4⤵
      PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
      4⤵
      PID:5344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
    3⤵
    PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56475.exe
      4⤵
      PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7394.exe
        5⤵
        
        PID:15020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
        5⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        5⤵
        
        PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
      4⤵
      PID:10952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
      4⤵
      PID:14668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
      4⤵
      PID:16528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
      4⤵
      PID:9648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
    3⤵
    PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
      4⤵
      PID:18316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
      4⤵
      PID:11596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
    3⤵
    PID:10568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6244.exe
    3⤵
    PID:14864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe
    3⤵
    PID:17344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
    3⤵
    PID:11224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11578.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
        8⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        8⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
        8⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        8⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
        8⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        8⤵
        
        PID:18388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        7⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
        7⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exe
        7⤵
        
        PID:17476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13465.exe
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        7⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        6⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
        7⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
        7⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
        7⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
        6⤵
        
        PID:13356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39157.exe
        6⤵
        
        PID:16896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        6⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15501.exe
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        7⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59682.exe
        7⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
        7⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
        7⤵
        
        PID:17648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
        7⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        6⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        6⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        6⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45655.exe
        6⤵
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        5⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
        5⤵
        
        PID:9656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
        5⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        5⤵
        
        PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55951.exe
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58721.exe
        7⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        7⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
        7⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        6⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
        6⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13657.exe
        6⤵
        
        PID:17572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        6⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
        5⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        5⤵
        
        PID:13120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14933.exe
        5⤵
        
        PID:16464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        5⤵
        
        PID:11244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16600.exe
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48167.exe
        6⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17688.exe
        6⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
        6⤵
        
        PID:16900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        6⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        5⤵
        
        PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        5⤵
        
        PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
        5⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        5⤵
        
        PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12621.exe
      4⤵
      PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
      4⤵
      PID:9620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37465.exe
      4⤵
      PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24022.exe
      4⤵
      PID:16332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18216.exe
      4⤵
      PID:4852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe
      4⤵
      PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        5⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63055.exe
        6⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18073.exe
        6⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26920.exe
        6⤵
        
        PID:14448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
        6⤵
        
        PID:17600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        5⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36294.exe
        5⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        5⤵
        
        PID:18368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34053.exe
      4⤵
      PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
      4⤵
      PID:9540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
      4⤵
      PID:13704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
      4⤵
      PID:17104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
      4⤵
      PID:9384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
    3⤵
    PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42221.exe
      4⤵
      PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
        5⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        5⤵
        
        PID:15588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        5⤵
        
        PID:12412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
      4⤵
      PID:9244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
      4⤵
      PID:13652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41807.exe
      4⤵
      PID:16428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10015.exe
      4⤵
      PID:9460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
    3⤵
    PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
      4⤵
      PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
        5⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
        5⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        5⤵
        
        PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44892.exe
        5⤵
        
        PID:18420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
      4⤵
      PID:11252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41187.exe
      4⤵
      PID:6580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
    3⤵
    PID:9084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
    3⤵
    PID:12000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23348.exe
    3⤵
    PID:14732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
    3⤵
    PID:17684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46788.exe
    3⤵
    PID:12132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        6⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        7⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26013.exe
        7⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5120.exe
        7⤵
        
        PID:17096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
        7⤵
        
        PID:17812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        7⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52614.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe
        6⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19713.exe
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        6⤵
        
        PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
        5⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56299.exe
        6⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2189.exe
        6⤵
        
        PID:17292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36117.exe
        6⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        6⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        5⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
        5⤵
        
        PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27369.exe
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-450.exe
        6⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34409.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        6⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        6⤵
        
        PID:15964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48426.exe
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        5⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53014.exe
        5⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        5⤵
        
        PID:17640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
        5⤵
        
        PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12428.exe
      4⤵
      PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        5⤵
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26292.exe
        5⤵
        
        PID:16300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45790.exe
      4⤵
      PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
        5⤵
        
        PID:12280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe
        5⤵
        
        PID:15448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24296.exe
      4⤵
      PID:12728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43137.exe
      4⤵
      PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45756.exe
      4⤵
      PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
      4⤵
      PID:18428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
      4⤵
      PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
        5⤵
        
        PID:712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
        6⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40833.exe
        6⤵
        
        PID:11704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11389.exe
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32158.exe
        5⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        5⤵
        
        PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42682.exe
        5⤵
        
        PID:7720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
      4⤵
      PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
        5⤵
        
        PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15333.exe
      4⤵
      PID:10184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26704.exe
      4⤵
      PID:14476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3937.exe
      4⤵
      PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
      4⤵
      PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37981.exe
    3⤵
    PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40139.exe
      4⤵
      PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
      4⤵
      PID:10224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
      4⤵
      PID:13548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
      4⤵
      PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
      4⤵
      PID:1180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
    3⤵
    PID:8440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
    3⤵
    PID:10584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
    3⤵
    PID:15364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
    3⤵
    PID:9980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30707.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31195.exe
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30383.exe
        6⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
        6⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        6⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45161.exe
        5⤵
        
        PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32962.exe
        5⤵
        
        PID:12776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
        5⤵
        
        PID:16220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        5⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
        5⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        5⤵
        
        PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41845.exe
      4⤵
      PID:9544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
      4⤵
      PID:13136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47229.exe
      4⤵
      PID:15776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24245.exe
    3⤵
    PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
      4⤵
      PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
      4⤵
      PID:10348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
      4⤵
      PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
      4⤵
      PID:16976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4208.exe
    3⤵
    PID:7736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8338.exe
      4⤵
      PID:11508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
      4⤵
      PID:15576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
      4⤵
      PID:18260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16111.exe
      4⤵
      PID:7256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
    3⤵
    PID:9380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25604.exe
    3⤵
    PID:13856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
    3⤵
    PID:17188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7650.exe
    3⤵
    PID:18184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15723.exe
    3⤵
    PID:7208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56363.exe
    3⤵
    PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
      4⤵
      PID:7248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
      4⤵
      PID:10068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
      4⤵
      PID:13380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49646.exe
      4⤵
      PID:16668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
    3⤵
    PID:7872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59283.exe
      4⤵
      PID:15100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
      4⤵
      PID:7424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26852.exe
    3⤵
    PID:9492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23170.exe
    3⤵
    PID:13996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
    3⤵
    PID:17320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
    3⤵
    PID:11556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
  2⤵
  PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
    3⤵
    PID:7108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2334.exe
      4⤵
      PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
      4⤵
      PID:14728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14632.exe
      4⤵
      PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
      4⤵
      PID:7364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
    3⤵
    PID:10848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
    3⤵
    PID:12272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49253.exe
    3⤵
    PID:2200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
    3⤵
    PID:12108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3760.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3760.exe
  2⤵
  PID:7540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
    3⤵
    PID:12552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40761.exe
    3⤵
    PID:16184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
    3⤵
    PID:7596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29813.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29813.exe
  2⤵
  PID:10092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20381.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20381.exe
  2⤵
  PID:13340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51218.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51218.exe
  2⤵
  PID:16268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
  2⤵
  PID:17768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4124,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=3928 /prefetch:8
1⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6268 -ip 6268
1⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 7688 -ip 7688
1⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 7468 -ip 7468
1⤵
PID:14660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7468 -ip 7468
1⤵
PID:16744

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4980 -ip 4980
1⤵
PID:11052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11578.exe

Filesize
184KB

MD5
4f73b1e819537abf8965f6e00dc9b0a9

SHA1
df192fb5974389fbe488d403cccdb2e29ad7802b

SHA256
221f817665d5edf46718836bb6fb66b33f032ac15ad461a26dbfdfc23292af35

SHA512
ba971363562c7d335c0ee2fc9d2a9d689ac65efb165b3cf7221ceb670854e311d71f5b60df4ea1c45a9a257dec1330ce6db61363fc9fd90fb52ee33fb84d94ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe

Filesize
184KB

MD5
a223c30426ae968b2d93ad5a636b13ba

SHA1
d58f132077dcc98401f00b710fa78f1e3d4d99e1

SHA256
0488536c160229395b023d5e9cf6da2001f4f6d173edeae246bda356d6622cbd

SHA512
ed9748260952b2ba62d39a84a8c196c616a9e442a98e6b65f5793087b0329fec749cf9d61a0cea181afb8f6fe38ad66f1da6a3904578785c016f53a30299c1da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe

Filesize
184KB

MD5
56ed2fb2bf88617828a718e0dda6fea4

SHA1
af2f2cbcbe05e23d7093a72200af306976ecb87a

SHA256
e7cb69b1260a6b97a522c812d5567d2302e8ca6f6750c16403e0c256bec0dc32

SHA512
0d213e84f91af7f9d82c167426efb2a7fdd100cb2c3932afd631492c561e8af352a22ca007c929521e469420c42d5cc80a21f9f84c2c848759eafe81b9a4453d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe

Filesize
184KB

MD5
2e566c79cda9b8037f5344a14de45d73

SHA1
12b9619448c25281c4724d1a18378ab90d0aab33

SHA256
7ce0f24882ea6a6099ee004fba6df64fd5075f1cf2a05807249cb995b0df0e57

SHA512
80e89ac3a0be49ff820e824ddd161d8e496a5ba967dbd781277a03b45c806494abc6ee57f5643112a76c081ea6d25285ea695d911eebd750c8ec2190c4e11d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe

Filesize
184KB

MD5
b54515c84307abd0fb4c66728f7dae09

SHA1
eb308b1efe9f0434e45f33560dabb920782d7264

SHA256
35216e7bddce959fb1583f528c278d6dce807fe8c016a63950c98bc37bc1bccb

SHA512
7f94c703f16a2dc96e5b6c540612025e4994d4ef950b3695d4c6883ec0168cec30f5119653d96effdf228f90ec61edcd772b9444182d6139494249468405cb89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe

Filesize
184KB

MD5
389fe4734b2cdbfe7c1c996db98600c1

SHA1
6850694b1d2081bf71ae56c90f5d0300b68280d7

SHA256
700bf0dcb13e1e883399d63a1c80dedf2428e5a611b0d18430cca640993beb61

SHA512
cb388f8374d1a801461dd5af2e6ab068adaf49f4168f3341a100f913c92fd03eb67ae31197c8b140543920eb3a406c7685e014b2b6370ef908c4fc1c770a3c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24910.exe

Filesize
184KB

MD5
022303f7fef1ecc389b6a007c4aadb90

SHA1
43c9ece7d689e4a07c4f06c9d71172425786cd57

SHA256
5da0f36e3beef27af0019a83ddb9a0fa96d621fc186806a07ccd7b64d639289c

SHA512
b675f89e8d7185f4c79653deb177836f9708057a8c2ed724c0e5a1861a3043759270537cb9eae8e711f64043eccc13ae493102fe2043124463360cd1b6c4b16f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe

Filesize
184KB

MD5
445c3c2a94d06f2fdda372b831857a70

SHA1
bd882e164c66f3cea69c75f634cd9a38916bef66

SHA256
44c2566d17ea89e0121e4dfe462808d912dca6e50c859437522a9c4d1203c68b

SHA512
0821e9b626c18d481ed3b9603d989febbf52a29b02414506f7e302e2f851de094252ba8e0d0fba927a8c37d490e0cddb07b50514c171ed67870d9ebbafc7bd7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe

Filesize
184KB

MD5
b3cf7bffc059c7bb1d70f71b0918d2b7

SHA1
d2053efc9da5c5bbb53608da2010cc638c59f4c1

SHA256
74dc9f3b9d7bcdd75fba9b190b3b21166ed851791ddb04fd8075014e9d794f3a

SHA512
65734e60298258b8e85ddaa21399d6ae0450545dee93f74704e49ef101df215c59fddaed72219f4c813b44edb3a1a7f477a96236fc3ec57f3e7f824695887786

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27887.exe

Filesize
184KB

MD5
f06ca0b3b8a71c1fcb86cb5565c453c5

SHA1
36bff49544b631fbf9a7f4daa8831207292b8355

SHA256
d26de7296548aa911fc1d924e41e5273a410dfda38887e5b3ea2c31209d3b475

SHA512
83829234c84e9815abdf92f9c1908f6ccbf531aed36735cdc27db766aba8f50d218f4484a04e9a290a5e35caece26e8ee603e2bc0f74408269ee504c4e86946a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe

Filesize
184KB

MD5
85a345fb271fa5ba9d2b9cec1afb354d

SHA1
68651681af4151513af191c53ee3e25693d32a4f

SHA256
25749e9e358c46e01737b6ee93d82cfef9249bc43cba9a55be2cf9e709556e88

SHA512
cc51455002185281a9372ba6898d0bd426dd5dd2e1dc2034f77df5b4976235fc9d35cca58b0b190006a7e5249901c4865e99ab9bd41cc75cf7425cda9f90e76e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe

Filesize
184KB

MD5
3333aa8190192a196f63344a711ac15d

SHA1
b41e1d656c5bcf2ffb927a56c20f99a80041b8c2

SHA256
b153fe9b790c4aae522b7846e5419cd35daf6dc4606321804e5e62c059bad711

SHA512
7d17cedee38e5e80e57111401285a647b893b5559f99389b3fa55235d08015567c111035dbb190bfc0510358cc85a3e69a51063b2e1a52186961742f079c326c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe

Filesize
184KB

MD5
6b960cb69f7ea4b6590e8883d01cc346

SHA1
da936ab253b33539dc875fb85017e430aba1a09d

SHA256
f05a651604a69d93e0cff4ab44063e33df900234ddf778b5d7715595beb40354

SHA512
8abacb6be5066b4cb93895defcec3d545669f115d97e43db5d04fbb84282d9658ec120349e6238aa9d3c9cd73514e2339be6428e3b4714715801c96927f042c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37323.exe

Filesize
184KB

MD5
9372e86f30ec55ffe4c0b4f69d077059

SHA1
0b631eecff239a7fbdf21b757436b1d2d723d035

SHA256
4c2de8370562a31d94f33d4ede3014c1cab6e09f2bfec3b2aeee990f4e781c88

SHA512
6772973e59b5a401e76dcb9a448601e746ff1f8f022094f7562416924c0862dd533caade2d85a4b0ac702c7359cb5fab3f0927d12ff8f8fc7e9eeb6dd3dac068

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe

Filesize
184KB

MD5
01f163f46a79634511630cd6568a2b6a

SHA1
87fb7fa7ea42538ce7303e281032a0d3e361dc25

SHA256
cb608ff46dacd601667e665f0ecf635da726ce5f74e46d089f42b81d3cddfdb7

SHA512
5ba5e2447a048ad3a3fec2d0fd486004655209bcbf048feb5564a7bd9a63c1c4273403b7b14b7aa18e9f2ab9a84c5621dfd60eb6150cca47cece898b45e1252d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe

Filesize
184KB

MD5
24cb31ba415f9a66384daf8662bfc77d

SHA1
6ed7af673f989cb9878829397e05b1dee2ea41d1

SHA256
825aab748d82178f80e184e20aaa08a1d4be53a0c8680d8029c806cfadbcda00

SHA512
b9643e4ae748aaa338ac4a202f385103aeab49532c38c566659ca75494268691ef8b9b8c7e2f30d84f6acccfd1b310b372e0860f4010a023f0feef135cd710c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe

Filesize
184KB

MD5
bd80e8e741b166fc33a120020d5caddb

SHA1
669fe286c0e4556c7e2c7b61347cf1ec96c9511e

SHA256
728b19c488b6208d238290171f26094d69bfcb2616b43dacb1e21030c800ed4a

SHA512
ba84bf8bc168c94f8e86c15097135cb6a31fc60af29084a2acb79b7c3e9feb322de0c05d28ccbfc15cf4772344f439f8f293f6417709ed88553149f0c96d5d5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe

Filesize
184KB

MD5
394df53e4f05edc9bf52065769ba055a

SHA1
f3a8219bf9766a60b382b7995af74c031d469249

SHA256
16c81bbe23c7822be18bd509f283704274c0ccd3fcabba713b88ffa2182a7ce6

SHA512
0a7703ad59e914c3e8081f8c0a281970e3f3a42b8cbebb38fd44722339512c3dba63ee0e18a47915e3fe596b536574107f7d6e06082cdea5bf325e1196dde9c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe

Filesize
184KB

MD5
bfd17a3f4548d470f42469c991f98a24

SHA1
47c45427b3ce9174be24d12258267e6bc58f8b6f

SHA256
2af1e60d9f98dba9830f44276d9ae23f3faa8376f0fe5d497745ef04628a6883

SHA512
9f0b0a36fd2a6103bb0bb51b4d969f95db0f81b35cab4510d29134c29c8d1967f3233f3de485fe0ff21a9f0d5aa4d6bd2ac3e5b21ead392c47d9bec2c1a25b5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46311.exe

Filesize
184KB

MD5
7fbd87277aca05bd7142159a94f4727e

SHA1
947a2d5cb8727d6ab9ba979cf0a1b5d429e257a5

SHA256
c5dcbe7b6a8bb41b60d89dc2104b85606d12635dbb68d7b42f83f9195173762f

SHA512
b0c9db50a039220fd0c3ce682febc92846b19124a93f2e760ae070229b37ae9377ef1be2af802fd4a308a3b4e6782bfa239ffc4f0ad04fdab2177530125d42a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe

Filesize
184KB

MD5
4e2ba070427cdd2255dd5a819eb848d5

SHA1
3ca07c44ac30cd88d9a70406810ca61bbe2c6d2a

SHA256
f4d3a1ec62ca4e9a488635c07afa8de82c5270305d6949f54b8db9c02ba5b184

SHA512
991e5487662d092f7f6cbe06513d06c01bba236e5f4353aca27a96d20f425744c4769864a3595e007107857c7f853111e1be81c3012867ad4cd5e88fdbb81090

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5309.exe

Filesize
184KB

MD5
364849030c37349ca945c38c1e037b73

SHA1
19b8075f9985cb6e58ba8d2e03866125c236b6bd

SHA256
dde3faf556300f128a0cc356b23e371a8a7fbb8f0c60dba051f2e6429f06729d

SHA512
a68e52e1103f3642729673ac70c3eb54b1afeeefee90f5a9fa47f34e10696696c1ba87648868a8f0084a2d7ddfb7eb4c5c44f21f8273235d433195ee675d8575

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe

Filesize
184KB

MD5
d55d586ff4f6a4d317ffd512a9b34979

SHA1
dbcd3d3c87a3ff767f2ba3c8836d8ea04a15929b

SHA256
73d66d39b6103a2cebf44baa39feebeb874c3d3eb66e9f7ff50828c94b5fde53

SHA512
4b35114fdcad5ad5b51fbccf4b72d8a3cad0e1435f2d438cce6945f207d3fe17d278797de2ee9b8545bed556b91e587665969dd0f4e314a3c505df889b702b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54013.exe

Filesize
184KB

MD5
ab09233e0fe47abcb31895b8893ab04c

SHA1
96ff4f51d9185260658fed86fc5fa6c5d911ece3

SHA256
61d38e9d682a679801793497af8319b2aad0f8f2378725149116c75c2cd6b7bb

SHA512
9f4944f8700e9950b90b290f7c6788efef77ce4ca3cb87239852d8bb694510abfd98e35e38c37debfc320b9c5f0f1c8e09833e8080709fc9b0bd7099875ac17b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe

Filesize
184KB

MD5
17cef6cb5ca0e5f4c9f5202692cd9cca

SHA1
9b7319378e326c7ebdaa5b99f6c50546cddb9695

SHA256
656c71b98873948fe9b1ad49f2165183cd613c6d17c109dee650f62d1463100d

SHA512
b58059d07c8c4a9ab429b28bb020ca0a65554bb7d67c4265a230e8985b9baec68119b9fe2484658131430d6881ce47d7ff552a1cfeccb40ce8fd2001804da787

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55951.exe

Filesize
184KB

MD5
d83de151348e907a1f3ed7f3c9388983

SHA1
552c5dee394e7c8e0c8541c4c6002f61625ba37f

SHA256
5497d20adaec41d0b88b9bc20b4075c290dfc5a28b56562f497c560dcdc23cb9

SHA512
05f276472d9f027f79ffddf23193a739a890741f1f577f9cab87f4c895258ccff295fec857526b7f2ee1868a2e3cc29916824f75a6b21d6b3feafacdf8dfe6eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56451.exe

Filesize
184KB

MD5
3ef7baa8132360c4bc7c8e128420b02b

SHA1
8ed1d206dcd65f00376cdfbf649a6029bcb0492e

SHA256
46d37e2a44afd55bb74638adae7d9f5f3768b69fba22033feb65486d114ab2f6

SHA512
5f368154d31f052e93794606f7e4c27b8361cc3e3af171a59fb095578d1dc7ba8641117b830318fe4f47cea59189135147f6264bd94723c455e876a43f955829

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe

Filesize
184KB

MD5
282df2fdb2fc999f17a3ea20e0fcc57f

SHA1
f055c42e00ff7f8a2780ca2ffb3b9ef5fd8c6355

SHA256
35801a8201adfe40a60de8372fa1fc11efc94917d4263c9cd77acc763c54aeee

SHA512
10c8b12f23b58fe0e24ad61f604655525f28a32acff742b00439efcf285e44119ef9d3ecd374a046f2f7df09000cbef07bbf260b3781491f7434ec89d1c06055

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe

Filesize
184KB

MD5
e6d67a9186fe43d8b221981c59a29868

SHA1
08b027bd2b40f64a6fff51fad90fe0b14d7385c7

SHA256
cb83e8b8c81998410a2033f068112ca8e717dc32b4cb5671fa957e49269958d0

SHA512
8277883af27257c454d246fee91bea9b7826c81d1629e97823a88f38ed0b0fa5a19b62f1e0fc781ceb1ee514b555aec4391ee71b4bf55964b84af716283cc67f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe

Filesize
184KB

MD5
b207352e3a584ab7dc4442c85b986302

SHA1
974a3c33aaa0441599e57b4c6c20ddca8d9fec48

SHA256
acf030d8763771fc184db403eba0b0e70269decbe67330aa11ea113e8c9cf6a9

SHA512
7881bd71a8162c36df1137bcdb0bcc63b9fe3c2dc9c8e0fd89a25b96506082819725cbcf45ace542d76d2e8b502b89540bfa5aa25b694a1028044d1e8f19a1cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe

Filesize
184KB

MD5
c22429cef0fdaa61e192211e275ab014

SHA1
a942a3da28e7a0fcd472da0fb4890dd8ea6f217e

SHA256
84c34a2baa58461d1143ac19599fbb5d2524c75e509afc86a98505512baef32c

SHA512
00f4ad4f300b31c0605ba0074758cc53dbe34b52f17c4987d1d768c26e7467de74ff702c7b8780618c959aa06a993663fcd3afe6cb1bd166e9c22c0b115aa4eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61827.exe

Filesize
184KB

MD5
3a7d6c772945911e91a359ed46b2e3c0

SHA1
80318af0632abef45f9940a2e43254c07215dadb

SHA256
b4b109ded536d408d62ee41d3696deb9a85cf89953c472c1ffb759ff598a156a

SHA512
e3500b1cffd8fd9ed89bbdb7a889abf8428ef7960b9ecfc7b905b70402dab714a8ead950fd24a5c614999c7233962e458e18b65d8961b8af77a538b1cb62289a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63083.exe

Filesize
184KB

MD5
b41a71cf81366036d83d527c9407898c

SHA1
feb380b3c10b988e39d2a16b85c05fcc7bbc0b26

SHA256
cf545fa6c84abd00106bc979d87a8e3116e4019e84f5d26aaf0adee164e864a5

SHA512
9e7eee90a525ee334878cd3aaca4968d5f13c287e0ecbf0017368ab503f7c3317cea55dc3b1033579ddd1a04e746fcf4959c9c9cfab1a6090b9acdab04621d5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe

Filesize
184KB

MD5
afcde318fb3a39033a3a4c87aab69212

SHA1
dd19cd6a03273740fbe6b80c1cb2f8dfe3a09349

SHA256
92d44db750f781ae198e8451fa285a9a55a8d41c284e8834ba5c9603e0235fda

SHA512
849b876440da1e9febdae249791c39c7c08b3ea42e1199279453068d47e2f44220bedc11cc60a4ebd446e9f003da8c1fc49e2b37a7bf0139b613005d29356326

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe

Filesize
184KB

MD5
073426d319126f1dca8de2813e86b5de

SHA1
f9acedfe3862a4efbc58ed749df1f7f3074a6222

SHA256
ef20e6dde31adbc1cbd83d7bb19cd5591eaa9a8c4cb93067068d55d80f3952d0

SHA512
38bc99b101a6abad7b91d57075fcedab25cbdf82670d9360e99a75c5f336e6bb9907cd3215f3794ae70343e9d3e370db9a792533dd42fa0e6764c07f92cde8ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9289.exe

Filesize
184KB

MD5
950a199a4d28741a404b6b37d092e232

SHA1
3107d99ff7d82b60efcdc7332ee39d6c535b8dfa

SHA256
3ea02d464f35de0e2b7c1b5183fddc0f998adf47d7252bb90dc33edffc9dfba2

SHA512
4edc83c51e14d799d0593778578ce4877381f596e27c3950a445bb441d745a0cf4e4043792490b4276398ba21b4777f09c8e2e00bf49cf36fc7ce3e0618d8987

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads