08c798bffe496dd67d39b35b6f257b9f916c03d8b926d86bbf86af45b0333ac9

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32f336bc345ecd3d396a403de6aaa630_NeikiAnalytics.exe
Size

184KB
MD5

32f336bc345ecd3d396a403de6aaa630
SHA1

0fa8779f4fcae7834f6cb7f404a79919afb206a2
SHA256

08c798bffe496dd67d39b35b6f257b9f916c03d8b926d86bbf86af45b0333ac9
SHA512

d7bd585beb8c6a7ef23ffc99cbc64b75659b1985c62a22e3fa20ca7101e9d9c3b060f5d918997a2d32b9d3e9e58df2d32ddb38e79098d57498fc522376029edc
SSDEEP

3072:LJcumzoIJzxBdrItWPo8bGU0lvnvnviuR:LJcoyPrIj8KU0lPvnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
400	Unicorn-59679.exe
5008	Unicorn-58906.exe
4180	Unicorn-55377.exe
404	Unicorn-59682.exe
4528	Unicorn-12785.exe
4532	Unicorn-6655.exe
2128	Unicorn-34829.exe
1044	Unicorn-12505.exe
4300	Unicorn-25312.exe
2268	Unicorn-46055.exe
3100	Unicorn-53154.exe
3504	Unicorn-4456.exe
3220	Unicorn-50393.exe
1520	Unicorn-6759.exe
1936	Unicorn-6937.exe
4312	Unicorn-27912.exe
4152	Unicorn-23850.exe
2252	Unicorn-42224.exe
3800	Unicorn-47202.exe
5044	Unicorn-22240.exe
3728	Unicorn-38842.exe
4252	Unicorn-47010.exe
2316	Unicorn-38842.exe
2224	Unicorn-14151.exe
4740	Unicorn-38842.exe
2904	Unicorn-16951.exe
2732	Unicorn-3216.exe
516	Unicorn-3216.exe
2892	Unicorn-51810.exe
2852	Unicorn-24653.exe
3084	Unicorn-45095.exe
4336	Unicorn-43834.exe
1472	Unicorn-45872.exe
4936	Unicorn-52002.exe
3376	Unicorn-59542.exe
4384	Unicorn-47041.exe
3088	Unicorn-33082.exe
1640	Unicorn-18858.exe
1400	Unicorn-9735.exe
3720	Unicorn-36071.exe
2688	Unicorn-43170.exe
4880	Unicorn-36647.exe
4380	Unicorn-36647.exe
5124	Unicorn-36647.exe
5152	Unicorn-43746.exe
5160	Unicorn-43746.exe
5192	Unicorn-2713.exe
5132	Unicorn-16781.exe
5240	Unicorn-36190.exe
5248	Unicorn-10989.exe
5256	Unicorn-30324.exe
5264	Unicorn-16589.exe
5308	Unicorn-37424.exe
5316	Unicorn-23688.exe
5272	Unicorn-16589.exe
5552	Unicorn-36346.exe
5564	Unicorn-42053.exe
5616	Unicorn-62770.exe
5632	Unicorn-31943.exe
5680	Unicorn-37498.exe
5708	Unicorn-50305.exe
5748	Unicorn-63647.exe
5776	Unicorn-1680.exe
5808	Unicorn-18016.exe

Program crash 13 IoCs

pid	pid_target	Process	procid_target
4168	4532	WerFault.exe	109
4920	1520	WerFault.exe	121
1796	3800	WerFault.exe	128
6064	5832	WerFault.exe	179
3936	3088	WerFault.exe	148
7772	5508	WerFault.exe
6944	6004	WerFault.exe	183
11048	6904	WerFault.exe	251
10844	4012	WerFault.exe	288
4224	3464	WerFault.exe	975
7332	17092	WerFault.exe	842
7980	17276	WerFault.exe	876
7720	8532	WerFault.exe	368

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13000	Process not Found
Token: SeChangeNotifyPrivilege	13000	Process not Found
Token: 33	13000	Process not Found
Token: SeIncBasePriorityPrivilege	13000	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1536	32f336bc345ecd3d396a403de6aaa630_NeikiAnalytics.exe
400	Unicorn-59679.exe
4180	Unicorn-55377.exe
5008	Unicorn-58906.exe
404	Unicorn-59682.exe
4528	Unicorn-12785.exe
4532	Unicorn-6655.exe
2128	Unicorn-34829.exe
1044	Unicorn-12505.exe
4300	Unicorn-25312.exe
2268	Unicorn-46055.exe
1520	Unicorn-6759.exe
3504	Unicorn-4456.exe
3100	Unicorn-53154.exe
3220	Unicorn-50393.exe
1936	Unicorn-6937.exe
4312	Unicorn-27912.exe
4152	Unicorn-23850.exe
2252	Unicorn-42224.exe
3800	Unicorn-47202.exe
3728	Unicorn-38842.exe
4252	Unicorn-47010.exe
2316	Unicorn-38842.exe
2904	Unicorn-16951.exe
5044	Unicorn-22240.exe
2224	Unicorn-14151.exe
2732	Unicorn-3216.exe
516	Unicorn-3216.exe
4740	Unicorn-38842.exe
2892	Unicorn-51810.exe
2852	Unicorn-24653.exe
3084	Unicorn-45095.exe
4336	Unicorn-43834.exe
1472	Unicorn-45872.exe
4936	Unicorn-52002.exe
3376	Unicorn-59542.exe
4384	Unicorn-47041.exe
3088	Unicorn-33082.exe
1640	Unicorn-18858.exe
1400	Unicorn-9735.exe
3720	Unicorn-36071.exe
2688	Unicorn-43170.exe
5124	Unicorn-36647.exe
5152	Unicorn-43746.exe
5160	Unicorn-43746.exe
5192	Unicorn-2713.exe
5132	Unicorn-16781.exe
5272	Unicorn-16589.exe
5248	Unicorn-10989.exe
5316	Unicorn-23688.exe
5256	Unicorn-30324.exe
5264	Unicorn-16589.exe
4880	Unicorn-36647.exe
5240	Unicorn-36190.exe
4380	Unicorn-36647.exe
5308	Unicorn-37424.exe
5552	Unicorn-36346.exe
5564	Unicorn-42053.exe
5616	Unicorn-62770.exe
5632	Unicorn-31943.exe
5680	Unicorn-37498.exe
5708	Unicorn-50305.exe
5748	Unicorn-63647.exe
5776	Unicorn-1680.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 400	1536	32f336bc345ecd3d396a403de6aaa630_NeikiAnalytics.exe	101
PID 1536 wrote to memory of 400	1536	32f336bc345ecd3d396a403de6aaa630_NeikiAnalytics.exe	101
PID 1536 wrote to memory of 400	1536	32f336bc345ecd3d396a403de6aaa630_NeikiAnalytics.exe	101
PID 400 wrote to memory of 5008	400	Unicorn-59679.exe	104
PID 400 wrote to memory of 5008	400	Unicorn-59679.exe	104
PID 400 wrote to memory of 5008	400	Unicorn-59679.exe	104
PID 1536 wrote to memory of 4180	1536	32f336bc345ecd3d396a403de6aaa630_NeikiAnalytics.exe	105
PID 1536 wrote to memory of 4180	1536	32f336bc345ecd3d396a403de6aaa630_NeikiAnalytics.exe	105
PID 1536 wrote to memory of 4180	1536	32f336bc345ecd3d396a403de6aaa630_NeikiAnalytics.exe	105
PID 4180 wrote to memory of 404	4180	Unicorn-55377.exe	107
PID 4180 wrote to memory of 404	4180	Unicorn-55377.exe	107
PID 4180 wrote to memory of 404	4180	Unicorn-55377.exe	107
PID 5008 wrote to memory of 4528	5008	Unicorn-58906.exe	108
PID 5008 wrote to memory of 4528	5008	Unicorn-58906.exe	108
PID 5008 wrote to memory of 4528	5008	Unicorn-58906.exe	108
PID 1536 wrote to memory of 4532	1536	32f336bc345ecd3d396a403de6aaa630_NeikiAnalytics.exe	109
PID 1536 wrote to memory of 4532	1536	32f336bc345ecd3d396a403de6aaa630_NeikiAnalytics.exe	109
PID 1536 wrote to memory of 4532	1536	32f336bc345ecd3d396a403de6aaa630_NeikiAnalytics.exe	109
PID 400 wrote to memory of 2128	400	Unicorn-59679.exe	110
PID 400 wrote to memory of 2128	400	Unicorn-59679.exe	110
PID 400 wrote to memory of 2128	400	Unicorn-59679.exe	110
PID 404 wrote to memory of 1044	404	Unicorn-59682.exe	114
PID 404 wrote to memory of 1044	404	Unicorn-59682.exe	114
PID 404 wrote to memory of 1044	404	Unicorn-59682.exe	114
PID 4180 wrote to memory of 4300	4180	Unicorn-55377.exe	115
PID 4180 wrote to memory of 4300	4180	Unicorn-55377.exe	115
PID 4180 wrote to memory of 4300	4180	Unicorn-55377.exe	115
PID 4528 wrote to memory of 2268	4528	Unicorn-12785.exe	116
PID 4528 wrote to memory of 2268	4528	Unicorn-12785.exe	116
PID 4528 wrote to memory of 2268	4528	Unicorn-12785.exe	116
PID 2128 wrote to memory of 3100	2128	Unicorn-34829.exe	117
PID 2128 wrote to memory of 3100	2128	Unicorn-34829.exe	117
PID 2128 wrote to memory of 3100	2128	Unicorn-34829.exe	117
PID 1536 wrote to memory of 3504	1536	32f336bc345ecd3d396a403de6aaa630_NeikiAnalytics.exe	119
PID 1536 wrote to memory of 3504	1536	32f336bc345ecd3d396a403de6aaa630_NeikiAnalytics.exe	119
PID 1536 wrote to memory of 3504	1536	32f336bc345ecd3d396a403de6aaa630_NeikiAnalytics.exe	119
PID 5008 wrote to memory of 3220	5008	Unicorn-58906.exe	120
PID 5008 wrote to memory of 3220	5008	Unicorn-58906.exe	120
PID 5008 wrote to memory of 3220	5008	Unicorn-58906.exe	120
PID 400 wrote to memory of 1520	400	Unicorn-59679.exe	121
PID 400 wrote to memory of 1520	400	Unicorn-59679.exe	121
PID 400 wrote to memory of 1520	400	Unicorn-59679.exe	121
PID 1044 wrote to memory of 1936	1044	Unicorn-12505.exe	124
PID 1044 wrote to memory of 1936	1044	Unicorn-12505.exe	124
PID 1044 wrote to memory of 1936	1044	Unicorn-12505.exe	124
PID 404 wrote to memory of 4312	404	Unicorn-59682.exe	125
PID 404 wrote to memory of 4312	404	Unicorn-59682.exe	125
PID 404 wrote to memory of 4312	404	Unicorn-59682.exe	125
PID 4300 wrote to memory of 4152	4300	Unicorn-25312.exe	126
PID 4300 wrote to memory of 4152	4300	Unicorn-25312.exe	126
PID 4300 wrote to memory of 4152	4300	Unicorn-25312.exe	126
PID 4180 wrote to memory of 2252	4180	Unicorn-55377.exe	127
PID 4180 wrote to memory of 2252	4180	Unicorn-55377.exe	127
PID 4180 wrote to memory of 2252	4180	Unicorn-55377.exe	127
PID 1520 wrote to memory of 3800	1520	Unicorn-6759.exe	128
PID 1520 wrote to memory of 3800	1520	Unicorn-6759.exe	128
PID 1520 wrote to memory of 3800	1520	Unicorn-6759.exe	128
PID 400 wrote to memory of 5044	400	Unicorn-59679.exe	129
PID 400 wrote to memory of 5044	400	Unicorn-59679.exe	129
PID 400 wrote to memory of 5044	400	Unicorn-59679.exe	129
PID 3504 wrote to memory of 3728	3504	Unicorn-4456.exe	130
PID 3504 wrote to memory of 3728	3504	Unicorn-4456.exe	130
PID 3504 wrote to memory of 3728	3504	Unicorn-4456.exe	130
PID 2268 wrote to memory of 4252	2268	Unicorn-46055.exe	132

C:\Users\Admin\AppData\Local\Temp\32f336bc345ecd3d396a403de6aaa630_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\32f336bc345ecd3d396a403de6aaa630_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12785.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36071.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19656.exe
        8⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21861.exe
        9⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36930.exe
        9⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        9⤵
        
        PID:17092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17092 -s 464
        10⤵
        Program crash
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        9⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        8⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
        8⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        8⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15379.exe
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe
        7⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        9⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
        9⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        9⤵
        
        PID:17364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        9⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
        8⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        8⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe
        8⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18904.exe
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46205.exe
        8⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64635.exe
        8⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        8⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18501.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1114.exe
        7⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
        7⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        7⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        7⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe
        7⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        8⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33428.exe
        9⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14346.exe
        9⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
        9⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19923.exe
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
        8⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        8⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55171.exe
        8⤵
        
        PID:17288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
        8⤵
        
        PID:18380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
        7⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        8⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe
        8⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45418.exe
        8⤵
        
        PID:17324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        8⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32556.exe
        7⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
        7⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        7⤵
        
        PID:16764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32178.exe
        7⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19643.exe
        7⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24839.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        7⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        8⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
        8⤵
        
        PID:16660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
        8⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63862.exe
        8⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        7⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14282.exe
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        7⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34774.exe
        6⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64091.exe
        6⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
        6⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
        6⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24051.exe
        6⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22055.exe
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19099.exe
        9⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15082.exe
        9⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        9⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe
        9⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36099.exe
        8⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
        8⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        8⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
        8⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33955.exe
        8⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
        7⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54108.exe
        8⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24227.exe
        8⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
        8⤵
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
        8⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
        7⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        7⤵
        
        PID:17196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        7⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        6⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 720
        7⤵
        Program crash
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17922.exe
        6⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
        6⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        6⤵
        
        PID:15228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11866.exe
        6⤵
        
        PID:18052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30324.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
        8⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
        8⤵
        
        PID:17668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
        8⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53443.exe
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17282.exe
        7⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        7⤵
        
        PID:15916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        7⤵
        
        PID:17960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
        7⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26588.exe
        6⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
        6⤵
        
        PID:11768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
        6⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        6⤵
        
        PID:18068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-242.exe
        6⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18023.exe
        6⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        6⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35613.exe
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37307.exe
        7⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4890.exe
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        7⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        6⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
        6⤵
        
        PID:12588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14282.exe
        6⤵
        
        PID:15932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        6⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        5⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8851.exe
        6⤵
        
        PID:11612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2273.exe
        6⤵
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50116.exe
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
        5⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        5⤵
        
        PID:17068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
        7⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        8⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        9⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        9⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        9⤵
        
        PID:16208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
        9⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53443.exe
        8⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17282.exe
        8⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        8⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        8⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1667.exe
        8⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27264.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64813.exe
        8⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        8⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59818.exe
        8⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25700.exe
        8⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22822.exe
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46514.exe
        7⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53620.exe
        7⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        7⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47554.exe
        7⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41664.exe
        6⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64237.exe
        8⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        8⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        8⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
        8⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27313.exe
        7⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        7⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1082.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        7⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
        6⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37858.exe
        6⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15324.exe
        6⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
        6⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        6⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16589.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
        8⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27417.exe
        8⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56467.exe
        8⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        8⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 240
        9⤵
        Program crash
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24827.exe
        8⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
        7⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25585.exe
        7⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
        7⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
        7⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61667.exe
        7⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55806.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        7⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        7⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        7⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        7⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6244.exe
        7⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        6⤵
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
        6⤵
        
        PID:12660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        6⤵
        
        PID:15884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11251.exe
        6⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        5⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        6⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
        6⤵
        
        PID:15276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
        6⤵
        
        PID:18080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        5⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        5⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        5⤵
        
        PID:18184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18023.exe
        5⤵
        
        PID:18252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58074.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63661.exe
        8⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
        8⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        8⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44828.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63587.exe
        8⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        8⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
        7⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        7⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe
        7⤵
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        7⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33713.exe
        6⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        6⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        6⤵
        
        PID:15548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        6⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19427.exe
        6⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        6⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22173.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe
        7⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38003.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        7⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55939.exe
        6⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
        6⤵
        
        PID:12676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        6⤵
        
        PID:15992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1082.exe
        6⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
        5⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52452.exe
        6⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29058.exe
        6⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        6⤵
        
        PID:15988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        6⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
        6⤵
        
        PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57394.exe
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58843.exe
        5⤵
        
        PID:16432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36190.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
        5⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        6⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 640
        7⤵
        Program crash
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
        6⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        6⤵
        
        PID:16776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
        5⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28213.exe
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        6⤵
        
        PID:14816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        6⤵
        
        PID:17612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
        6⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1966.exe
        6⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        5⤵
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1777.exe
        5⤵
        
        PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46736.exe
      4⤵
      PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe
        5⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
        5⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11242.exe
        5⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
        5⤵
        
        PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38877.exe
      4⤵
      PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53580.exe
      4⤵
      PID:10028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
      4⤵
      PID:13860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57698.exe
      4⤵
      PID:16808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2713.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        8⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64237.exe
        9⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        9⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        9⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
        8⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe
        8⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        8⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        8⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        8⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        8⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9779.exe
        7⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
        7⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39661.exe
        7⤵
        
        PID:17620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13865.exe
        7⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        7⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13075.exe
        8⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24227.exe
        8⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
        8⤵
        
        PID:17908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        7⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47755.exe
        7⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14282.exe
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
        7⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
        6⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        7⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        7⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
        7⤵
        
        PID:16816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1690.exe
        6⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
        6⤵
        
        PID:13884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
        6⤵
        
        PID:17304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
        6⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58650.exe
        7⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48893.exe
        8⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
        8⤵
        
        PID:17024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        7⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
        7⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
        7⤵
        
        PID:16516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        6⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9779.exe
        6⤵
        
        PID:11088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
        6⤵
        
        PID:14192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50779.exe
        6⤵
        
        PID:17376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
        7⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        7⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55939.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
        6⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        6⤵
        
        PID:15904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
        6⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe
        5⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        6⤵
        
        PID:14828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        6⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
        5⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10371.exe
        5⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        5⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
        5⤵
        
        PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3216.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38495.exe
        8⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        8⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        8⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55964.exe
        8⤵
        
        PID:17704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60064.exe
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26587.exe
        7⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        7⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        7⤵
        
        PID:18372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        7⤵
        
        PID:10428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53502.exe
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
        7⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
        7⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        7⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        6⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
        7⤵
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
        7⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
        7⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
        6⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35075.exe
        6⤵
        
        PID:16256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        6⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        7⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49868.exe
        7⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
        7⤵
        
        PID:15492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23515.exe
        7⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42323.exe
        7⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18523.exe
        6⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        6⤵
        
        PID:17168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        5⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
        6⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
        6⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
        5⤵
        
        PID:9840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42298.exe
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54619.exe
        5⤵
        
        PID:16244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
        5⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
        5⤵
        
        PID:8816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14249.exe
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23621.exe
        6⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        7⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        7⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        7⤵
        
        PID:18340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1966.exe
        7⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18657.exe
        6⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38635.exe
        6⤵
        
        PID:17076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        6⤵
        
        PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        5⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
        6⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60572.exe
        6⤵
        
        PID:17816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
        5⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
        5⤵
        
        PID:13892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23539.exe
        5⤵
        
        PID:16912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        5⤵
        
        PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
      4⤵
      PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        5⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
        5⤵
        
        PID:11152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11242.exe
        5⤵
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10442.exe
        5⤵
        
        PID:16220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
      4⤵
      PID:7984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
      4⤵
      PID:11804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
      4⤵
      PID:15152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11866.exe
      4⤵
      PID:17988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        8⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 652
        8⤵
        Program crash
        
        PID:11048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 736
        7⤵
        Program crash
        
        PID:6944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 744
        6⤵
        Program crash
        
        PID:3936
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 740
        5⤵
        Program crash
        
        PID:1796
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 740
      4⤵
      Program crash
      PID:4920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18858.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe
        6⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        7⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        7⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28777.exe
        7⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14849.exe
        7⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        6⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
        6⤵
        
        PID:12276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        6⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        6⤵
        
        PID:18136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53694.exe
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
        6⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        6⤵
        
        PID:11812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
        6⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        6⤵
        
        PID:18092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
        6⤵
        
        PID:17348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        5⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        5⤵
        
        PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
        5⤵
        
        PID:18312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
        5⤵
        
        PID:10352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8982.exe
        5⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe
        6⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        7⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24995.exe
        7⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
        7⤵
        
        PID:17636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60116.exe
        7⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9914.exe
        6⤵
        
        PID:11180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11242.exe
        6⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50084.exe
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe
        5⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26986.exe
        5⤵
        
        PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        5⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1777.exe
        5⤵
        
        PID:16388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
      4⤵
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5748.exe
        5⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4635.exe
        5⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64482.exe
        5⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
        5⤵
        
        PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62244.exe
      4⤵
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22458.exe
      4⤵
      PID:12592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50924.exe
      4⤵
      PID:15940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58981.exe
      4⤵
      PID:17656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22055.exe
        5⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
        6⤵
        
        PID:11268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57890.exe
        6⤵
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
        6⤵
        
        PID:18288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16795.exe
        5⤵
        
        PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
        5⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        5⤵
        
        PID:15600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14849.exe
        5⤵
        
        PID:17944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64324.exe
        5⤵
        
        PID:6204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28613.exe
      4⤵
      PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        5⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        5⤵
        
        PID:10368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        5⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
        5⤵
        
        PID:17360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23602.exe
      4⤵
      PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
      4⤵
      PID:11828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe
      4⤵
      PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
      4⤵
      PID:18296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
      4⤵
      PID:10184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
    3⤵
    PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15036.exe
        5⤵
        
        PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe
        5⤵
        
        PID:10728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
      4⤵
      PID:9356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6146.exe
      4⤵
      PID:12748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe
      4⤵
      PID:16316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17034.exe
      4⤵
      PID:7032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
    3⤵
    PID:7704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
      4⤵
      PID:9848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
      4⤵
      PID:12928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
      4⤵
      PID:15880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
    3⤵
    PID:9300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31058.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31058.exe
    3⤵
    PID:13336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
    3⤵
    PID:16336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
    3⤵
    PID:6340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59682.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36346.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        8⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
        9⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        10⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        10⤵
        
        PID:17280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52995.exe
        10⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        9⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15082.exe
        9⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        9⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22360.exe
        8⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        9⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44356.exe
        9⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55346.exe
        9⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49083.exe
        8⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        8⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        8⤵
        
        PID:16440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
        7⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
        8⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64237.exe
        9⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        9⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
        9⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
        9⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
        9⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        8⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14122.exe
        8⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        8⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        8⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
        7⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13354.exe
        7⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57317.exe
        7⤵
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16817.exe
        7⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42053.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        8⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        8⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
        8⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        8⤵
        
        PID:17204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        8⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50250.exe
        8⤵
        
        PID:17252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
        8⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59339.exe
        8⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
        8⤵
        
        PID:18044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        8⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27705.exe
        7⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        7⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55886.exe
        7⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58967.exe
        7⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27061.exe
        8⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        8⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
        8⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
        8⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1966.exe
        8⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
        7⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62498.exe
        7⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
        7⤵
        
        PID:17564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
        7⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        6⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
        6⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        6⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        6⤵
        
        PID:18192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        8⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
        9⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65092.exe
        9⤵
        
        PID:18144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        9⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        8⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24153.exe
        8⤵
        
        PID:14208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
        8⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
        8⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe
        7⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30634.exe
        7⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        7⤵
        
        PID:14876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
        7⤵
        
        PID:17716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        6⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45021.exe
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        7⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44603.exe
        7⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23515.exe
        7⤵
        
        PID:17900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        6⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28332.exe
        6⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
        6⤵
        
        PID:14864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30763.exe
        6⤵
        
        PID:17736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62039.exe
        7⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
        7⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2306.exe
        7⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
        7⤵
        
        PID:17588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        7⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        7⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65316.exe
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        6⤵
        
        PID:12148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58843.exe
        6⤵
        
        PID:16408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42227.exe
        6⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
        5⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11964.exe
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2994.exe
        6⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53172.exe
        6⤵
        
        PID:17996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        6⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
        5⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
        5⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        5⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        5⤵
        
        PID:17972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37498.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe
        7⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20218.exe
        8⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
        9⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
        9⤵
        
        PID:16708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
        9⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21971.exe
        9⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23562.exe
        8⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        8⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
        8⤵
        
        PID:16528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
        7⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17666.exe
        7⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        7⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42618.exe
        7⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15036.exe
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        7⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        7⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe
        6⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20170.exe
        6⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
        6⤵
        
        PID:18008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe
        6⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        7⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
        8⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65092.exe
        8⤵
        
        PID:18124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2357.exe
        8⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
        7⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        7⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        7⤵
        
        PID:17644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51117.exe
        7⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
        7⤵
        
        PID:17828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        6⤵
        
        PID:14316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        6⤵
        
        PID:17348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64440.exe
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
        6⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56467.exe
        6⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        6⤵
        
        PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        5⤵
        
        PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
        5⤵
        
        PID:15124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49749.exe
        5⤵
        
        PID:18108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe
        5⤵
        
        PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36101.exe
        5⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
        6⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45179.exe
        6⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36260.exe
        6⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        5⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
        5⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25977.exe
        5⤵
        
        PID:14348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17971.exe
        5⤵
        
        PID:17276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17276 -s 436
        6⤵
        Program crash
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50533.exe
        5⤵
        
        PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33390.exe
        5⤵
        
        PID:10140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
      4⤵
      PID:5832
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 468
        5⤵
        Program crash
        
        PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe
      4⤵
      PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        5⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        5⤵
        
        PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
      4⤵
      PID:8724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6211.exe
      4⤵
      PID:12108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
      4⤵
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
      4⤵
      PID:18216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
      4⤵
      PID:8880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63647.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64237.exe
        8⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51596.exe
        8⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59818.exe
        8⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25700.exe
        8⤵
        
        PID:17876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
        8⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        7⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        7⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        7⤵
        
        PID:18320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        7⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
        6⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41684.exe
        7⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14890.exe
        7⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        7⤵
        
        PID:17180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
        6⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe
        6⤵
        
        PID:12284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        6⤵
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
        6⤵
        
        PID:18164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1680.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
        7⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        7⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
        7⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
        7⤵
        
        PID:18000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25185.exe
        6⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52602.exe
        6⤵
        
        PID:15504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        6⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23215.exe
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61271.exe
        6⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65083.exe
        6⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27194.exe
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        6⤵
        
        PID:16468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37963.exe
        5⤵
        
        PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        5⤵
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9442.exe
        5⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35037.exe
        5⤵
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        5⤵
        
        PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46050.exe
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        7⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
        7⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
        7⤵
        
        PID:15776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
        7⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        6⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        6⤵
        
        PID:18392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9480.exe
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46170.exe
        6⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43266.exe
        6⤵
        
        PID:10972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19898.exe
        6⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
        6⤵
        
        PID:17056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
        6⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32673.exe
        5⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        5⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
        5⤵
        
        PID:17964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
      4⤵
      PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
        6⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2306.exe
        6⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51283.exe
        6⤵
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
        5⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        5⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
        5⤵
        
        PID:17724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
        5⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43629.exe
        5⤵
        
        PID:7188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        5⤵
        
        PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16177.exe
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
        5⤵
        
        PID:16508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61835.exe
      4⤵
      PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59836.exe
      4⤵
      PID:11732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
      4⤵
      PID:15216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
      4⤵
      PID:18032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
      4⤵
      PID:16976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52002.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36101.exe
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        6⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        6⤵
        
        PID:9692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33930.exe
        6⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43172.exe
        6⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        6⤵
        
        PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        5⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29277.exe
        6⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38171.exe
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31130.exe
        5⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17971.exe
        5⤵
        
        PID:16512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21451.exe
        5⤵
        
        PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56249.exe
        5⤵
        
        PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe
      4⤵
      Executes dropped EXE
      PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
        6⤵
        
        PID:11332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50635.exe
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        6⤵
        
        PID:15512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
        6⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8673.exe
        5⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        5⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
        5⤵
        
        PID:18060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
      4⤵
      PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe
        5⤵
        
        PID:9628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
        5⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe
        5⤵
        
        PID:16848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
        5⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
        5⤵
        
        PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
      4⤵
      PID:8904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21825.exe
      4⤵
      PID:12200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38554.exe
      4⤵
      PID:15008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
      4⤵
      PID:18384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
      4⤵
      PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20898.exe
        6⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        6⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        6⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55964.exe
        6⤵
        
        PID:17756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
        6⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9675.exe
        5⤵
        
        PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        5⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        5⤵
        
        PID:18328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
        5⤵
        
        PID:8272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50814.exe
      4⤵
      PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53988.exe
        5⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43458.exe
        5⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
        5⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14849.exe
        5⤵
        
        PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
      4⤵
      PID:8920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
      4⤵
      PID:11840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe
      4⤵
      PID:14452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
      4⤵
      PID:18304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
    3⤵
    PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
      4⤵
      PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        5⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54565.exe
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
        6⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        5⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe
        5⤵
        
        PID:16484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24283.exe
      4⤵
      PID:8524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21994.exe
      4⤵
      PID:11692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
      4⤵
      PID:15204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
      4⤵
      PID:18020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
    3⤵
    PID:6876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
      4⤵
      PID:9456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
      4⤵
      PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
      4⤵
      PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
      4⤵
      PID:4224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
    3⤵
    PID:8912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-825.exe
    3⤵
    PID:12208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28754.exe
    3⤵
    PID:13984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4883.exe
    3⤵
    PID:17688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17724.exe
    3⤵
    PID:3532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4532
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 636
    3⤵
    - Program crash
    PID:4168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19656.exe
        5⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        6⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        6⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
        6⤵
        
        PID:14036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38019.exe
        5⤵
        
        PID:8532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 728
        6⤵
        Program crash
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27860.exe
        5⤵
        
        PID:11652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20170.exe
        5⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32683.exe
        5⤵
        
        PID:18204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
        5⤵
        
        PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
        5⤵
        
        PID:9856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        5⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31269.exe
        6⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
        6⤵
        
        PID:11436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        6⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23515.exe
        6⤵
        
        PID:17924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
        5⤵
        
        PID:9984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        5⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        5⤵
        
        PID:16252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32831.exe
      4⤵
      PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
        5⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        5⤵
        
        PID:14276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47796.exe
        5⤵
        
        PID:17628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        5⤵
        
        PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
      4⤵
      PID:9696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
      4⤵
      PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
      4⤵
      PID:17188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16589.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36834.exe
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
        5⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        6⤵
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        6⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        6⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        5⤵
        
        PID:10388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
        5⤵
        
        PID:13444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
        5⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34666.exe
        5⤵
        
        PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6984.exe
      4⤵
      PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43740.exe
        5⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
        5⤵
        
        PID:17032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2158.exe
        5⤵
        
        PID:9000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
      4⤵
      PID:10196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
      4⤵
      PID:6904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
      4⤵
      PID:16236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25908.exe
    3⤵
    PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
      4⤵
      PID:7368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17994.exe
      4⤵
      PID:9920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
      4⤵
      PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56467.exe
      4⤵
      PID:15696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe
      4⤵
      PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
      4⤵
      PID:18008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
    3⤵
    PID:8048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
    3⤵
    PID:12024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
    3⤵
    PID:15112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
    3⤵
    PID:18176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
    3⤵
    PID:17364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36450.exe
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        5⤵
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16177.exe
        6⤵
        
        PID:14064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
        6⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26395.exe
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        5⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        5⤵
        
        PID:18156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
        5⤵
        
        PID:7316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe
      4⤵
      PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19428.exe
        5⤵
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        5⤵
        
        PID:17264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
      4⤵
      PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50963.exe
      4⤵
      PID:12920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5617.exe
      4⤵
      PID:16040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36155.exe
      4⤵
      PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
      4⤵
      PID:10080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
    3⤵
    PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
      4⤵
      PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        5⤵
        
        PID:9420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe
        5⤵
        
        PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        5⤵
        
        PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        5⤵
        
        PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55939.exe
      4⤵
      PID:9244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65139.exe
      4⤵
      PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
      4⤵
      PID:15900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33754.exe
      4⤵
      PID:5580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
    3⤵
    PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8851.exe
      4⤵
      PID:11744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2273.exe
      4⤵
      PID:17116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44627.exe
      4⤵
      PID:17352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19031.exe
      4⤵
      PID:10340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1690.exe
    3⤵
    PID:10848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe
    3⤵
    PID:13888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14284.exe
    3⤵
    PID:16996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34359.exe
    3⤵
    PID:9616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10989.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10989.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
    3⤵
    PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
      4⤵
      PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        5⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        5⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        5⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
        5⤵
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
      4⤵
      PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11804.exe
        5⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
        5⤵
        
        PID:18356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        5⤵
        
        PID:10128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
      4⤵
      PID:11864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
      4⤵
      PID:14732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
      4⤵
      PID:18364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
      4⤵
      PID:9468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24389.exe
    3⤵
    PID:7680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
    3⤵
    PID:9924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
    3⤵
    PID:12448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
    3⤵
    PID:16424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26586.exe
    3⤵
    PID:7568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
    3⤵
    PID:7816
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47266.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47266.exe
  2⤵
  PID:5672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
    3⤵
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
      4⤵
      PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
      4⤵
      PID:12624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
      4⤵
      PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
      4⤵
      PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
      4⤵
      PID:9288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43796.exe
    3⤵
    PID:9548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-801.exe
    3⤵
    PID:12828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24459.exe
    3⤵
    PID:16360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58259.exe
    3⤵
    PID:6372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31720.exe
    3⤵
    PID:8240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
  2⤵
  PID:7840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28213.exe
    3⤵
    PID:10296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
    3⤵
    PID:14788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50099.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50099.exe
    3⤵
    PID:17748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1966.exe
    3⤵
    PID:10248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
  2⤵
  PID:7832
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
  2⤵
  PID:4452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25507.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25507.exe
  2⤵
  PID:16340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1304,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=4056 /prefetch:8
1⤵
PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4532 -ip 4532
1⤵
PID:3032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1520 -ip 1520
1⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3800 -ip 3800
1⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5832 -ip 5832
1⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 3088 -ip 3088
1⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5508 -ip 5508
1⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6004 -ip 6004
1⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6904 -ip 6904
1⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 4012 -ip 4012
1⤵
PID:11108

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe

Filesize
184KB

MD5
f0feb18cd4402bcc0f70d2f8ab4d1086

SHA1
c1bb3b0d418860957000d280e14ce513b352f3e5

SHA256
6bbbb37612edd5e59d6be49a6aced64868276e3bddb386d4d58bd2b3f27fc105

SHA512
d1390b437661fe22605d8d1f40b6d1063eb98364361cb3b8e4678246e0b9e831bb5bdc2ba69c873cbbc37aad1b4b98aa57c2cb5191bd947c73877bc6550fa12f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12785.exe

Filesize
184KB

MD5
e230a92a9caa4865e3fd1f144a812f73

SHA1
b7cf47661954f7b2454ecb7bd6b060c7514e264a

SHA256
f09e4579dbfffdd02d6a3cff9841cb0f5d8f54402733c525de37268ad17c163a

SHA512
808ddc147c1309d80388a5d2d4784ad9763879c740b121b50c67bd50fca144e709725179d68dc59596a96bfc64faf21e7806cc510f735c2ee0f51a6e5403631f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe

Filesize
184KB

MD5
7ec24b3ef231b383e7741029f3a8f83f

SHA1
e8bca040a134f0779f36d44063975407d4a538cc

SHA256
26a11f13213ea592dce8edc86d14efbb35f2d5bc15e88b02ef93866c5a297776

SHA512
aaaa9f6912cc364811a82ff6594bf64967468fb5482715a5eb303096af41e4da8efa6ca254bd37f6d3c13535a0902a47fa40a6b1c309ea29bede79a21f026bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe

Filesize
184KB

MD5
16b91cc98f9ded72ae40f24ef13ab8c8

SHA1
ef4b78340e62cd72f7ff015ea792bb092f44d876

SHA256
3aa4bd10f67289499748dd269b361ec8ca99e8aa6b6378c90fbdd646fd89c2e9

SHA512
12419a7f3dd24465142811af038019099ca7898e0c11254e5118c23cc3862472d884e705e4429a8e083328f1a9d49b47e3667e822c8f1af70c87c150dfd72990

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe

Filesize
184KB

MD5
da895dfc09ee82dc1ad0f193a28713b7

SHA1
e64f9ae63061a4dd86a330b87704fb24f3f3cdb7

SHA256
0dfb3cf6cf8b27a561509eb3273f79b58216bf84878fe94e2c822caba561fae2

SHA512
daf327dddf72d0595215826d71138cd009f69a3000dd159fcb61af4c16d3a78edba650dd6e7fb6283cc2dffbbfba7c1d1d790a241b6cb74f928e7fc7c2f581b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe

Filesize
184KB

MD5
e7c023a141dea8c8d6f448a3ccbfcd7a

SHA1
cb1a6ac0288d3db24f4597760e71fd459057577f

SHA256
f70b15ffb6147725ff580afc469ed73a5a2ee9f9b466f1a071416df43283af00

SHA512
4523b758823b3756a257647693ab2d16e3f176673b528e02f6f3eac2b93551ca5d8d9764ad6ee21691c29f3c13f27e87d879566d9631794f8c1de486136f85e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe

Filesize
184KB

MD5
c33a4fa487e21f73eb990ebaddb8e0b9

SHA1
15bc2bc7982b97d16d648ef311984b2c0f819b18

SHA256
fba3883c8b4df2a40be2fd2c6b97a7b3be565058173570fd2dd3023aebfb375b

SHA512
a5bfb853d69b81c121cb4946286d8283c50bb670eacf9c9d82c356730534a9940c64a833cfa8673c18e4d9ea231a3e8353eff7ecd71594423b579b6c7825fdb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe

Filesize
184KB

MD5
0e20fdd3874d7a1e82ad4d39868212f8

SHA1
eed8367f80db52a58b4012dcc2187037ffbac6ee

SHA256
353ddffa9cea1fe0c6fb9174080146f7a0f3eb3a47061441cd8fd141729fbafc

SHA512
585743ce906391c71f2fd164da5612ca1bca44ba5edd0815114b3b42ec67c10b686ed4ac509df874fa364ac6d67d608ec4a17e02b1c04c1a9b7569fe51bd5715

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe

Filesize
184KB

MD5
e29f1498191ad7c48201ba1ddff48907

SHA1
c25baaa859ade0fa5c99ef4027ac06896895f7e4

SHA256
bb1e56981d5efc795d523638138fb142cb7d8121b13cdb4dc1022d87ad299d90

SHA512
ed38a6739bacd0893ec81cd3c9413bdbcd23b3af8b7b648a7f0118e9f0203a018681e28b4b224342b29451f11d3e9461b150c4f65051017c87848a6b708e1be7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe

Filesize
184KB

MD5
34d99b4b16e7008c8311261b767db219

SHA1
5ee33fa0f12a57bcdc94326080d126a926d52069

SHA256
17da7d0e311bbb19ba58681bc5f7750c542180f4a60231c5bab76c5600740dbc

SHA512
79b3ca17ebf9a406e9fbac1e99f91cab5377e9a52d04440480c8bbb267a2d0aa08ed1cf6dc845611307c9699f85fcc760b2ab0511898f36581e0c8b0216fb3b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe

Filesize
184KB

MD5
5c840e99c3fcb81a167f2121f86c217d

SHA1
d62395100d2936d5eb17bccd327e2047bc0b7be5

SHA256
f9a1e23a3a016b9dd0a52d3c35c2ca65b83bb5b2d67653ceffb7c770c867304b

SHA512
0f3e3616ac7207e9f36bdee90db6b4b75d838b97903866bf06f96c79a5ef9098aa74a36811ec14621d318f2b4f88f895013d212a073713d96dedc1f100c00b25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3216.exe

Filesize
184KB

MD5
07cbd7ecd7deae9982932ac53f996e90

SHA1
7aef926974a667d1465f412a64eeb49277691996

SHA256
dd2d16638188b3b588c485a762a41ef9b05e174c952bbc0281b053c11631e599

SHA512
2b6a6322e4360c13c786cb803ca1704fc879fabf00f34ce258d8f857498f47c123806faecbaa4a68905157132c1b8df6add5a4db1e9b92db48f64f426c6584e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe

Filesize
184KB

MD5
c8c1ae6ca9245faf4488ef15e4c0402a

SHA1
dee4958c76a9311ad7420b54b9d7e81f8a324d47

SHA256
51bde7d560c1b649d21631e6a9ee084b69b188abb0eded1dad324f7935e0c9a7

SHA512
ac7c5426ab1a4393bf9c89f9c327b67108c49b4b80df9ce7b6b0a0485ade4490a0b78699062d87bd37279712d2a06aef257f848d810bd251678b68cec4c0b1da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe

Filesize
184KB

MD5
8f2d8be96941f1e311f3ae480d87f84d

SHA1
d8efade97a43ad68ab7b847c48d18346ae1fdeeb

SHA256
7abeafe8a228f63f700bd32ee39b0c1a22a1654d47a6016365d6988555f04f18

SHA512
0e5f838ac901f3d120ddb377691a8fe0a8c833505a76f73f24873395176470ebc48f2eec6c6cf976cc34ec8a21d06bc9e954d59ad9e8d58c9a008749f824660f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe

Filesize
184KB

MD5
623f1e359ca5657edcd9186c784dbabc

SHA1
958db9c0288c509ba1891220d60bc59c61426343

SHA256
2514c97ccf7de38ff8d0c1d08a18ba67c456dec560f12d2f2ab5ac7f28cb5c2d

SHA512
fae4931bfa4f6187241a68559d50bd38047e83c2e80de0f8bcd0957d6642bf37bcd0c0c0c08d19333402cdbf7cf79ef6197355aeb2de58a6de9a12130c461fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe

Filesize
184KB

MD5
5276bef1f6c2543ace61d2376d7ebe1e

SHA1
ee950befbb267c8022ee8334ef30a8bbe7122ed0

SHA256
c225c608c4e7abc753e6e2d0bd70cea6f7daec4a20d3de23d7c72675444d6fad

SHA512
2994d0e76e860097a4ca3ee1aeeaf7500a9fae66b592882508758450155251e12d07dc54a01288b0a34692e162fe1c343cf594097c869711ab8c8a7da1a621f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe

Filesize
184KB

MD5
10380fbe3734360c0a312467daef5de9

SHA1
44f2aac508e454a28308c7397d8ee0d88c949dbf

SHA256
c0368ee2c88289a4ae52d904b815cd39112843e2b126f7503af2480a3f6ba68f

SHA512
0f9baf68fa8ab993bf9d0eb62181ee030c33e5533125b5a1e9572898128bf74c04afcf7c925034c7c2b6133d4f0076e2e01856846e351d37ad7ab591dd055450

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe

Filesize
184KB

MD5
4fa4a787d45f46dfcab60426e2b5551e

SHA1
08db0c403e0e96ccb8023d781a4d6eccf2299057

SHA256
ecc8b2d91665d8b728735c855096f46121331dad480d0ecb6f3ffad944f70edd

SHA512
666254a53903e4e1a2ea33bfb98eb525f73d9d3c17d087f28689a59484631522711cc4cbeca9d118072d6cb99f05052c79d61266fc1e0d4380dd3d1df382aee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe

Filesize
184KB

MD5
1b84b1e81ca25da98e1d192890be926e

SHA1
8421b6580133df10d759261da6522a1707ff68f4

SHA256
9c0144c4beac7fd8651b6aabc1519266ed3c6a7740baf14f4cffa35f65eb5b17

SHA512
bd7f9001df7a6f8f235ea8bf5a226789e033331170c765f83dd3420059569b5a29d6f82a8510945b6ee5b0591057c55adbd2de5f6a7b389da0e4b7a1a99ec03a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe

Filesize
184KB

MD5
921f550b2ae318d99fe7db1d9f22787f

SHA1
7534e67cb6bb63fa7f291b9450e90c654b2b3680

SHA256
42925128901e70b359ee1463d81592b557d913519b3bbd0ff2a5e440038f9d87

SHA512
258f16a3efe69ef39f743b9a8a98d3e7f98bb9dabfc7a18c289d5c273815ea7188572299e3af77d04a94c7cf6bdb912f635b10b507e25765a57f76ab12579451

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe

Filesize
184KB

MD5
25f9be0e74481c774c1fcc193e34b777

SHA1
3014b4ce6b372401fa3923fa8258284cbab72ddf

SHA256
3369fae0c1f7d9047d79953e3dd56ba5d597caab9e2d5975b5ede414d4f84e2c

SHA512
53171acae29692a57559552d3e67b70f60d0a48f399f8ed4fd9f16f6d002ba5ce7fde2e2e1659aec82e4b2a8bc04d495b1b540090c994cca3e80c3a2576aa38f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe

Filesize
184KB

MD5
73048a2407252f1fd35497ed23642a1d

SHA1
5895aae73c2c2301a05444e9fe6d0b045d07a92a

SHA256
27d89a97b3b60b874da44cd6326887001d7eca5dc74272c86a7b3f2c6fc0454c

SHA512
2396a65a6079ff6586fd656b4696965d1ad4506d348a5c2fe43bb9afae2af12bc6309e25e9e35ab99727c195b0506d33aa1083682383b4e89a2d73edc368e3ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe

Filesize
184KB

MD5
873dd837c839164a9c765370e24e6638

SHA1
61ed35000e1516e285e965312c23d928aae37b6c

SHA256
54e7430f96ddda5723ec7676a58c03b833f3223b5a4be5533add8007ad795189

SHA512
02db39abb35ac6bbf412c3f8d82bfccf35b34657fd773b0888ed110abbbd056ca7c41938727b37ee55170b4441b908bdbd471923f26eab8acb51992f955eba14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe

Filesize
184KB

MD5
99dac4508ed63cf4d08248d572cef314

SHA1
e8c7aad5f10d434f415bc33b55a25e26058422a9

SHA256
ad8f4989941085949f6cd470f1bc88a983f34fa2731f1d3f42c6c401b72508ee

SHA512
8215789349a2ce2a74ce31041ad033af3d789d8c2bea058204bc4086669bf23571f37084786756cd4730dc8b1069e80e2762921f0ca4661ce4c7a847e5c87e68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52002.exe

Filesize
184KB

MD5
df26b8b568180d5176e99f1870413613

SHA1
31cfe5ea0fbbcd1954bb82048e7c23f4577260aa

SHA256
98eb12ba5b1e29c234912a95c39b008bc21f8905c03d1bd89686500d97895fa6

SHA512
0e677c57de89a77bbbb2b73280c2ab7a9d0b4f4bbed9970e7cf41f4ad98cbfa26cecfba422be8d4890f5454d4e488d67f22793dca24f754ed44837221898f1f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe

Filesize
184KB

MD5
4ef3048050f7dc6714bfa9aa64c4e967

SHA1
6ab8b14f9ad58f3f07f78a16a5b79201f183ff33

SHA256
4c1f8214b008fb42654ee202804ab6f90f6e98d1e3c0e4b4782a70ff48659975

SHA512
19cbe047823be8f4bb44435c7340e45cdef035e0204bcfe7e4814040288cdb2bcfb44ebab10994c9d585145f11012eefa74727b691c5d3fb5303e90fc2a668e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe

Filesize
184KB

MD5
eb8bc2a4ace5d48e9443c298059c9021

SHA1
c01ee6e96755cf8cddd99edbbb944605d98ea985

SHA256
064a67535856bf8764945be86216dd78386a3c7ac53876e1b7a62a781503f5bc

SHA512
7633617ad988813a7ac9545e2300d3186cf84512bf5d0d5af8c61ab3c70d926c763045bcf7ff305b184c77ef86ff27946f04f0be997fe27108e5951c46f3ff3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe

Filesize
184KB

MD5
23a3b3e717c39a615a073958dc675dab

SHA1
f8fd504978a608799e9c08b7d347a8ccdec25826

SHA256
04049252d21fd5df84dcb53781b564d94a2e786c906cc9257f73e50e82e787c0

SHA512
94786570017ba97bbd6116ff7ef6050ffa0c9f4ab7b724d31967bdc52b00c6527981004b39f4b1187731368382a459be2c9cf427521c6a6e91067bfb0b17550e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe

Filesize
184KB

MD5
393fc9547d46e6d5038b61cdff745635

SHA1
ae2d5da5affd42da4282a14c2ea6079a2d871268

SHA256
8dbd64b6b9c4a3b7f072dd5f511807dfcb3e39e31e5f00e030a5fd67df8fcadd

SHA512
bf89a0f67bf41b281e33087b90a82b957e4bd8df665ee21852934c5f5903d238ad0098cd5f9a35a3cc21f759d10ae80e4ed117bdebfcd3b42099fbd40ba2fc8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59682.exe

Filesize
184KB

MD5
4436fbb580c577317ca1472002d4cc26

SHA1
14dd25890a50e9e24c41307ee17d87450a44bf49

SHA256
778ecff95f5dc150d8e606e6caf9cc10e4f7ffd71c3935cecd840fc0cf460b9e

SHA512
2b20a5926029623316f34f6b3c4c188e928a9c039f72c4b6e2921071c1f06651952e035f154883ca481538a756758d09522e66935a8bfdc612dd5e894aa004e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe

Filesize
184KB

MD5
e3a4abe32b7319fc553937de4d00df13

SHA1
1a6a4e105009def37b76a89d82068e971f43ab84

SHA256
9da390f4c1a5506a634dafb288717f97a6167d66723bb6bf7f1f20b003c0f10f

SHA512
851729cd381029257b2b5b05fd4c496593a38a769d8a63e928f1cbcefa55afb33283b0a1da4bdbd4b7534e878aa2d5c5e8d730c920ee1dbac95115670ab21e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe

Filesize
184KB

MD5
9d745ead570587df2e0ecac87f215ad9

SHA1
93ff14b1b6bcb6eea38e7f4cda46e9cd8f8eddb0

SHA256
833fa90ce6c87810f4fd6cccf38a9ecd5b0dfcea0dd103942bfc1671496db8be

SHA512
b213916a6d95fcc09f39dc193531fef028846fbaba06582b653c82b97dc1a5f0018d5936964d7d3f7ae133133cbfd18c31e8738c8d9ff84691f6f015123a8767

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe

Filesize
184KB

MD5
3f55d8b67aad276e4bc191ff149a134f

SHA1
283224973d29512cfd1f4cd8549744676af013a4

SHA256
56018175d5a2c073b413a15cfd41c640f58a4f625988b369d5ce947bc529948f

SHA512
f785879b56e16c2670dfc038fcbaec0a50ec0770710b1791888773592624df14275c3fb803145a9e0585e0f27238cea148a6716b1fc30e168c764947bd8711e2

Download Submit
memory/3584-3372-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/17324-3052-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads