071ae7b6c38bd93433eff91621a9326d3781cddd634315f87b9116f96ced705f

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22ef8322562ada8c518034af787f1a60_NeikiAnalytics.exe
Size

184KB
MD5

22ef8322562ada8c518034af787f1a60
SHA1

ca7b65aee885adae857b40c77906a2414ca485ad
SHA256

071ae7b6c38bd93433eff91621a9326d3781cddd634315f87b9116f96ced705f
SHA512

97b93f5dbfbb84be9e990f807766bd98b23d3bef1b334fad8584ef834e1aaa40e45b2572765240cbf635ddaef74be7c17027b58f9b88967a10c9b0c3056de7a1
SSDEEP

3072:peyiEo1qnQbd6vAW0Vgboi16vMqEvFuln3:ptoXB6vUgci16EqEvFul

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
452	Unicorn-25869.exe
1628	Unicorn-58157.exe
1444	Unicorn-39168.exe
4344	Unicorn-25693.exe
4256	Unicorn-23040.exe
1544	Unicorn-42906.exe
2072	Unicorn-52043.exe
4292	Unicorn-56074.exe
2156	Unicorn-34947.exe
1888	Unicorn-29754.exe
4832	Unicorn-39960.exe
3200	Unicorn-46090.exe
4848	Unicorn-12960.exe
4192	Unicorn-58897.exe
4576	Unicorn-6624.exe
4304	Unicorn-26490.exe
4296	Unicorn-22768.exe
1760	Unicorn-9577.exe
3964	Unicorn-3255.exe
1220	Unicorn-42909.exe
2668	Unicorn-43713.exe
3268	Unicorn-27450.exe
4156	Unicorn-43786.exe
448	Unicorn-37656.exe
4484	Unicorn-10921.exe
3476	Unicorn-10921.exe
3448	Unicorn-23728.exe
2992	Unicorn-7200.exe
5084	Unicorn-18135.exe
1512	Unicorn-12857.exe
3496	Unicorn-58337.exe
536	Unicorn-12665.exe
1796	Unicorn-22871.exe
3356	Unicorn-12473.exe
3640	Unicorn-22679.exe
2360	Unicorn-61482.exe
4516	Unicorn-61482.exe
756	Unicorn-44497.exe
3308	Unicorn-24896.exe
4976	Unicorn-14201.exe
2864	Unicorn-14201.exe
5044	Unicorn-21415.exe
3664	Unicorn-59297.exe
936	Unicorn-31306.exe
2732	Unicorn-21632.exe
2236	Unicorn-54570.exe
1064	Unicorn-5177.exe
1936	Unicorn-12384.exe
1028	Unicorn-50657.exe
4460	Unicorn-4985.exe
796	Unicorn-20253.exe
4376	Unicorn-50465.exe
736	Unicorn-31335.exe
1264	Unicorn-21130.exe
4368	Unicorn-21130.exe
4252	Unicorn-13738.exe
3988	Unicorn-19869.exe
5056	Unicorn-1072.exe
3260	Unicorn-17216.exe
5032	Unicorn-41690.exe
1332	Unicorn-12224.exe
2396	Unicorn-17290.exe
220	Unicorn-9898.exe
4164	Unicorn-29904.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
11620	7284	WerFault.exe	300
12500	7324	WerFault.exe	305
3816	16236	WerFault.exe	794
4716	18308	WerFault.exe	879
6704	17492	WerFault.exe	889
18940	18168	WerFault.exe	914
19240	1272	WerFault.exe	907
19324	18068	WerFault.exe	874
18120	3104	WerFault.exe	909

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
6408	svchost.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	18176	Process not Found
Token: SeChangeNotifyPrivilege	18176	Process not Found
Token: 33	18176	Process not Found
Token: SeIncBasePriorityPrivilege	18176	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4080	22ef8322562ada8c518034af787f1a60_NeikiAnalytics.exe
452	Unicorn-25869.exe
1628	Unicorn-58157.exe
1444	Unicorn-39168.exe
4344	Unicorn-25693.exe
4256	Unicorn-23040.exe
1544	Unicorn-42906.exe
2072	Unicorn-52043.exe
4292	Unicorn-56074.exe
2156	Unicorn-34947.exe
4832	Unicorn-39960.exe
4192	Unicorn-58897.exe
1888	Unicorn-29754.exe
4848	Unicorn-12960.exe
3200	Unicorn-46090.exe
4304	Unicorn-26490.exe
4576	Unicorn-6624.exe
4296	Unicorn-22768.exe
1760	Unicorn-9577.exe
3964	Unicorn-3255.exe
2668	Unicorn-43713.exe
1220	Unicorn-42909.exe
448	Unicorn-37656.exe
4156	Unicorn-43786.exe
2992	Unicorn-7200.exe
5084	Unicorn-18135.exe
3268	Unicorn-27450.exe
3476	Unicorn-10921.exe
3448	Unicorn-23728.exe
4484	Unicorn-10921.exe
1512	Unicorn-12857.exe
3496	Unicorn-58337.exe
536	Unicorn-12665.exe
3356	Unicorn-12473.exe
1796	Unicorn-22871.exe
3640	Unicorn-22679.exe
2360	Unicorn-61482.exe
4516	Unicorn-61482.exe
756	Unicorn-44497.exe
3308	Unicorn-24896.exe
2864	Unicorn-14201.exe
4976	Unicorn-14201.exe
5044	Unicorn-21415.exe
3664	Unicorn-59297.exe
936	Unicorn-31306.exe
2732	Unicorn-21632.exe
1064	Unicorn-5177.exe
2236	Unicorn-54570.exe
1936	Unicorn-12384.exe
1028	Unicorn-50657.exe
4460	Unicorn-4985.exe
796	Unicorn-20253.exe
1264	Unicorn-21130.exe
5056	Unicorn-1072.exe
3988	Unicorn-19869.exe
736	Unicorn-31335.exe
4376	Unicorn-50465.exe
3260	Unicorn-17216.exe
4368	Unicorn-21130.exe
4252	Unicorn-13738.exe
5032	Unicorn-41690.exe
1332	Unicorn-12224.exe
2396	Unicorn-17290.exe
220	Unicorn-9898.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 452	4080	22ef8322562ada8c518034af787f1a60_NeikiAnalytics.exe	88
PID 4080 wrote to memory of 452	4080	22ef8322562ada8c518034af787f1a60_NeikiAnalytics.exe	88
PID 4080 wrote to memory of 452	4080	22ef8322562ada8c518034af787f1a60_NeikiAnalytics.exe	88
PID 452 wrote to memory of 1628	452	Unicorn-25869.exe	91
PID 452 wrote to memory of 1628	452	Unicorn-25869.exe	91
PID 452 wrote to memory of 1628	452	Unicorn-25869.exe	91
PID 4080 wrote to memory of 1444	4080	22ef8322562ada8c518034af787f1a60_NeikiAnalytics.exe	92
PID 4080 wrote to memory of 1444	4080	22ef8322562ada8c518034af787f1a60_NeikiAnalytics.exe	92
PID 4080 wrote to memory of 1444	4080	22ef8322562ada8c518034af787f1a60_NeikiAnalytics.exe	92
PID 1628 wrote to memory of 4344	1628	Unicorn-58157.exe	95
PID 1628 wrote to memory of 4344	1628	Unicorn-58157.exe	95
PID 1628 wrote to memory of 4344	1628	Unicorn-58157.exe	95
PID 452 wrote to memory of 4256	452	Unicorn-25869.exe	97
PID 452 wrote to memory of 4256	452	Unicorn-25869.exe	97
PID 452 wrote to memory of 4256	452	Unicorn-25869.exe	97
PID 1444 wrote to memory of 1544	1444	Unicorn-39168.exe	98
PID 1444 wrote to memory of 1544	1444	Unicorn-39168.exe	98
PID 1444 wrote to memory of 1544	1444	Unicorn-39168.exe	98
PID 4080 wrote to memory of 2072	4080	22ef8322562ada8c518034af787f1a60_NeikiAnalytics.exe	99
PID 4080 wrote to memory of 2072	4080	22ef8322562ada8c518034af787f1a60_NeikiAnalytics.exe	99
PID 4080 wrote to memory of 2072	4080	22ef8322562ada8c518034af787f1a60_NeikiAnalytics.exe	99
PID 4344 wrote to memory of 4292	4344	Unicorn-25693.exe	100
PID 4344 wrote to memory of 4292	4344	Unicorn-25693.exe	100
PID 4344 wrote to memory of 4292	4344	Unicorn-25693.exe	100
PID 1628 wrote to memory of 2156	1628	Unicorn-58157.exe	101
PID 1628 wrote to memory of 2156	1628	Unicorn-58157.exe	101
PID 1628 wrote to memory of 2156	1628	Unicorn-58157.exe	101
PID 4256 wrote to memory of 1888	4256	Unicorn-23040.exe	102
PID 4256 wrote to memory of 1888	4256	Unicorn-23040.exe	102
PID 4256 wrote to memory of 1888	4256	Unicorn-23040.exe	102
PID 452 wrote to memory of 4832	452	Unicorn-25869.exe	103
PID 452 wrote to memory of 4832	452	Unicorn-25869.exe	103
PID 452 wrote to memory of 4832	452	Unicorn-25869.exe	103
PID 1544 wrote to memory of 3200	1544	Unicorn-42906.exe	104
PID 1544 wrote to memory of 3200	1544	Unicorn-42906.exe	104
PID 1544 wrote to memory of 3200	1544	Unicorn-42906.exe	104
PID 4080 wrote to memory of 4848	4080	22ef8322562ada8c518034af787f1a60_NeikiAnalytics.exe	105
PID 4080 wrote to memory of 4848	4080	22ef8322562ada8c518034af787f1a60_NeikiAnalytics.exe	105
PID 4080 wrote to memory of 4848	4080	22ef8322562ada8c518034af787f1a60_NeikiAnalytics.exe	105
PID 1444 wrote to memory of 4192	1444	Unicorn-39168.exe	106
PID 1444 wrote to memory of 4192	1444	Unicorn-39168.exe	106
PID 1444 wrote to memory of 4192	1444	Unicorn-39168.exe	106
PID 2072 wrote to memory of 4576	2072	Unicorn-52043.exe	107
PID 2072 wrote to memory of 4576	2072	Unicorn-52043.exe	107
PID 2072 wrote to memory of 4576	2072	Unicorn-52043.exe	107
PID 4292 wrote to memory of 4304	4292	Unicorn-56074.exe	108
PID 4292 wrote to memory of 4304	4292	Unicorn-56074.exe	108
PID 4292 wrote to memory of 4304	4292	Unicorn-56074.exe	108
PID 4344 wrote to memory of 4296	4344	Unicorn-25693.exe	109
PID 4344 wrote to memory of 4296	4344	Unicorn-25693.exe	109
PID 4344 wrote to memory of 4296	4344	Unicorn-25693.exe	109
PID 2156 wrote to memory of 1760	2156	Unicorn-34947.exe	110
PID 2156 wrote to memory of 1760	2156	Unicorn-34947.exe	110
PID 2156 wrote to memory of 1760	2156	Unicorn-34947.exe	110
PID 1628 wrote to memory of 3964	1628	Unicorn-58157.exe	111
PID 1628 wrote to memory of 3964	1628	Unicorn-58157.exe	111
PID 1628 wrote to memory of 3964	1628	Unicorn-58157.exe	111
PID 4832 wrote to memory of 1220	4832	Unicorn-39960.exe	112
PID 4832 wrote to memory of 1220	4832	Unicorn-39960.exe	112
PID 4832 wrote to memory of 1220	4832	Unicorn-39960.exe	112
PID 452 wrote to memory of 2668	452	Unicorn-25869.exe	113
PID 452 wrote to memory of 2668	452	Unicorn-25869.exe	113
PID 452 wrote to memory of 2668	452	Unicorn-25869.exe	113
PID 4192 wrote to memory of 3268	4192	Unicorn-58897.exe	114

C:\Users\Admin\AppData\Local\Temp\22ef8322562ada8c518034af787f1a60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\22ef8322562ada8c518034af787f1a60_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25869.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25869.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58157.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25693.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26490.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12857.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44970.exe
        9⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe
        10⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
        10⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5047.exe
        10⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        10⤵
        
        PID:18720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4652.exe
        10⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        9⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28657.exe
        9⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        9⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
        8⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59882.exe
        9⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
        10⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62609.exe
        10⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        10⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        10⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3648.exe
        9⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        9⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
        9⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54536.exe
        8⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
        8⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
        8⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56566.exe
        8⤵
        
        PID:18068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18068 -s 520
        9⤵
        Program crash
        
        PID:19324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        9⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe
        10⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
        10⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
        10⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
        9⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
        9⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        9⤵
        
        PID:17648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        9⤵
        
        PID:19136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25719.exe
        8⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4432.exe
        8⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2247.exe
        8⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12581.exe
        8⤵
        
        PID:18552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7708.exe
        8⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56778.exe
        9⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        9⤵
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1849.exe
        9⤵
        
        PID:18984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
        8⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52219.exe
        8⤵
        
        PID:15140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        8⤵
        
        PID:18768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31658.exe
        8⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3456.exe
        7⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
        7⤵
        
        PID:16328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58337.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59889.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
        8⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
        9⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        9⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44205.exe
        9⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30928.exe
        8⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64984.exe
        8⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        8⤵
        
        PID:18344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21863.exe
        7⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
        8⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        8⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
        7⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
        7⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56566.exe
        7⤵
        
        PID:18040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61342.exe
        7⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52570.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
        8⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        9⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3808.exe
        9⤵
        
        PID:15800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
        8⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        8⤵
        
        PID:15076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
        8⤵
        
        PID:18968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22652.exe
        8⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exe
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
        8⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        8⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49405.exe
        8⤵
        
        PID:19256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
        8⤵
        
        PID:19252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61887.exe
        8⤵
        
        PID:16584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        7⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe
        7⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60253.exe
        7⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4645.exe
        7⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        7⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        7⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe
        7⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
        7⤵
        
        PID:19180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        6⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
        6⤵
        
        PID:11812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        6⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46034.exe
        6⤵
        
        PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22768.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59889.exe
        7⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe
        9⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        9⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
        9⤵
        
        PID:1272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 464
        10⤵
        Program crash
        
        PID:19240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe
        8⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57496.exe
        8⤵
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64470.exe
        8⤵
        
        PID:17828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18047.exe
        8⤵
        
        PID:17864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
        7⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
        7⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51103.exe
        7⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        6⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34890.exe
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11548.exe
        8⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31802.exe
        9⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        9⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        9⤵
        
        PID:19364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
        8⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        8⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        8⤵
        
        PID:18996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14327.exe
        7⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45505.exe
        7⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28924.exe
        7⤵
        
        PID:18652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24535.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
        7⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52017.exe
        7⤵
        
        PID:12424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        7⤵
        
        PID:16992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52641.exe
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
        6⤵
        
        PID:14248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
        6⤵
        
        PID:17772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22679.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65146.exe
        6⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54490.exe
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        8⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        8⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
        8⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
        8⤵
        
        PID:18512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        8⤵
        
        PID:19084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        7⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        7⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        7⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        7⤵
        
        PID:18800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13309.exe
        7⤵
        
        PID:19328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
        6⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25642.exe
        7⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        7⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16924.exe
        7⤵
        
        PID:19064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16215.exe
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
        6⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
        6⤵
        
        PID:728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
        5⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
        7⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        7⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18416.exe
        7⤵
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5397.exe
        7⤵
        
        PID:19224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
        7⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21840.exe
        6⤵
        
        PID:13328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
        6⤵
        
        PID:17324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52346.exe
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        6⤵
        
        PID:13764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        6⤵
        
        PID:18220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        5⤵
        
        PID:13144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61875.exe
        5⤵
        
        PID:16472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54155.exe
        5⤵
        
        PID:18936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48618.exe
        7⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38288.exe
        8⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
        9⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12167.exe
        9⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        8⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        8⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        8⤵
        
        PID:17112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
        7⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        8⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        8⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11724.exe
        8⤵
        
        PID:16484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        7⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42305.exe
        7⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        7⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        6⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49146.exe
        8⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        8⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        8⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
        8⤵
        
        PID:19020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8336.exe
        7⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        7⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        7⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        7⤵
        
        PID:19252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50340.exe
        7⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27031.exe
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59549.exe
        7⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
        7⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        7⤵
        
        PID:18952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        6⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        6⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        6⤵
        
        PID:19036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51306.exe
        6⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28746.exe
        7⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        8⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25904.exe
        8⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
        8⤵
        
        PID:18732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50145.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        7⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        7⤵
        
        PID:16088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50269.exe
        7⤵
        
        PID:18604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
        7⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        7⤵
        
        PID:15576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20213.exe
        7⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
        6⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
        6⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        6⤵
        
        PID:17128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12970.exe
        5⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        6⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        6⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
        6⤵
        
        PID:17248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        6⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1545.exe
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe
        6⤵
        
        PID:18140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
        6⤵
        
        PID:18984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29120.exe
        5⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe
        5⤵
        
        PID:17076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        6⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        8⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        9⤵
        
        PID:19208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56513.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55361.exe
        8⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        8⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
        8⤵
        
        PID:19196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        8⤵
        
        PID:18980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        7⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        7⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        7⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        7⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
        7⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
        7⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29846.exe
        7⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65224.exe
        6⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
        6⤵
        
        PID:12992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50781.exe
        6⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
        6⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
        5⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
        6⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
        7⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        7⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29079.exe
        7⤵
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21840.exe
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        6⤵
        
        PID:17120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-180.exe
        6⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
        6⤵
        
        PID:18192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10887.exe
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48490.exe
        6⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        6⤵
        
        PID:16972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42200.exe
        5⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-803.exe
        5⤵
        
        PID:16420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44497.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51306.exe
        5⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39882.exe
        6⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63290.exe
        7⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52209.exe
        7⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        7⤵
        
        PID:16648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1778.exe
        7⤵
        
        PID:19040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
        7⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        6⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        6⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
        6⤵
        
        PID:18056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
        6⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        5⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
        5⤵
        
        PID:16044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
        5⤵
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
        5⤵
        
        PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43912.exe
      4⤵
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62954.exe
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        6⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
        6⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
        6⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        6⤵
        
        PID:18588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        5⤵
        
        PID:16072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32577.exe
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55535.exe
        5⤵
        
        PID:19284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58346.exe
      4⤵
      PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
      4⤵
      PID:12712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
      4⤵
      PID:17172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46366.exe
      4⤵
      PID:6644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29754.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5177.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26714.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        8⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe
        9⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
        9⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
        9⤵
        
        PID:16452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28447.exe
        9⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        8⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        8⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
        8⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27855.exe
        8⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        7⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35937.exe
        7⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
        7⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24869.exe
        7⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39520.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
        7⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57245.exe
        8⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        8⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-588.exe
        8⤵
        
        PID:19076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46792.exe
        7⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49153.exe
        7⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26796.exe
        7⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
        6⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
        7⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43494.exe
        7⤵
        
        PID:19120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49953.exe
        7⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        6⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12416.exe
        6⤵
        
        PID:14988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
        6⤵
        
        PID:18620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-180.exe
        6⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7580.exe
        6⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
        8⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        8⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29079.exe
        8⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        8⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
        7⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45489.exe
        7⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37356.exe
        7⤵
        
        PID:16396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46173.exe
        7⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8992.exe
        7⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        6⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11911.exe
        6⤵
        
        PID:10964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
        6⤵
        
        PID:15216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
        6⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        6⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11882.exe
        6⤵
        
        PID:19304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25482.exe
        6⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
        7⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        7⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        7⤵
        
        PID:17284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61188.exe
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
        6⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        6⤵
        
        PID:17348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49057.exe
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16924.exe
        6⤵
        
        PID:19216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
        6⤵
        
        PID:19352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        5⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        5⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
        5⤵
        
        PID:17476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64714.exe
        7⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
        7⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52219.exe
        7⤵
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        7⤵
        
        PID:18760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        6⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1530.exe
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5152.exe
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe
        6⤵
        
        PID:19100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        6⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55473.exe
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        6⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54660.exe
        6⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24055.exe
        6⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        6⤵
        
        PID:17748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
        5⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
        6⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        6⤵
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26540.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33660.exe
        6⤵
        
        PID:16612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54806.exe
        6⤵
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
        5⤵
        
        PID:10044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8007.exe
        5⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe
        5⤵
        
        PID:18192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13738.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        6⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        7⤵
        
        PID:18964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52219.exe
        6⤵
        
        PID:15132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        6⤵
        
        PID:18632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        5⤵
        
        PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49409.exe
        5⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
        5⤵
        
        PID:15560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38533.exe
        5⤵
        
        PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        5⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2569.exe
        6⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        6⤵
        
        PID:13676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44589.exe
        6⤵
        
        PID:18424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46881.exe
        5⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        5⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
        5⤵
        
        PID:17096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        5⤵
        
        PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
      4⤵
      PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        5⤵
        
        PID:8776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 636
        5⤵
        Program crash
        
        PID:11620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
      4⤵
      PID:9348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
      4⤵
      PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31732.exe
      4⤵
      PID:17068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
      4⤵
      PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35683.exe
      4⤵
      PID:6796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39960.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14201.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        6⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        8⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32899.exe
        8⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32108.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        8⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9872.exe
        7⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        7⤵
        
        PID:15956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe
        7⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
        7⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
        7⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17698.exe
        7⤵
        
        PID:17908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2633.exe
        7⤵
        
        PID:16424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        6⤵
        
        PID:12884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
        6⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        6⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33473.exe
        5⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
        6⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        6⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11916.exe
        6⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25664.exe
        5⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
        5⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        5⤵
        
        PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
        5⤵
        
        PID:116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
        7⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
        7⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        7⤵
        
        PID:18456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29846.exe
        7⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe
        6⤵
        
        PID:9444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        6⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        6⤵
        
        PID:17676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        5⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8448.exe
        5⤵
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64474.exe
        5⤵
        
        PID:15836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10628.exe
        5⤵
        
        PID:19420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46136.exe
      4⤵
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37754.exe
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38483.exe
        6⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        6⤵
        
        PID:18752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45414.exe
        6⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
        5⤵
        
        PID:9604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45489.exe
        5⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37356.exe
        5⤵
        
        PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
      4⤵
      PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7520.exe
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12551.exe
        5⤵
        
        PID:16184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
      4⤵
      PID:9304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
      4⤵
      PID:12956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
      4⤵
      PID:18336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37438.exe
      4⤵
      PID:6688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43713.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14201.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        5⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
        7⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12551.exe
        7⤵
        
        PID:16220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-560.exe
        6⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39713.exe
        6⤵
        
        PID:13556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
        6⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        5⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
        6⤵
        
        PID:10796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50113.exe
        6⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41133.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27158.exe
        6⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44856.exe
        5⤵
        
        PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37985.exe
        5⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
        5⤵
        
        PID:17316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-180.exe
        5⤵
        
        PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40586.exe
        6⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4311.exe
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41448.exe
        5⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27173.exe
        5⤵
        
        PID:17988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28007.exe
      4⤵
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
        5⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16771.exe
        5⤵
        
        PID:15276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-396.exe
        5⤵
        
        PID:19160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34354.exe
        5⤵
        
        PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23249.exe
      4⤵
      PID:9560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37399.exe
      4⤵
      PID:13656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
      4⤵
      PID:16324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21415.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3833.exe
      4⤵
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30282.exe
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20810.exe
        6⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12551.exe
        6⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
        6⤵
        
        PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        5⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
        5⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
        5⤵
        
        PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26817.exe
        5⤵
        
        PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37136.exe
      4⤵
      PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        5⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        5⤵
        
        PID:15584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9303.exe
      4⤵
      PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37985.exe
      4⤵
      PID:13384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
      4⤵
      PID:17332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41892.exe
      4⤵
      PID:5452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
    3⤵
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15097.exe
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
        5⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
        5⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
        5⤵
        
        PID:16460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50145.exe
      4⤵
      PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
      4⤵
      PID:11528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
      4⤵
      PID:16060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-745.exe
    3⤵
    PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
      4⤵
      PID:17876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
    3⤵
    PID:9264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34395.exe
    3⤵
    PID:12700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30597.exe
    3⤵
    PID:17044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47694.exe
    3⤵
    PID:6120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19869.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59002.exe
        7⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
        8⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        9⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        9⤵
        
        PID:15968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
        8⤵
        
        PID:12344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        8⤵
        
        PID:18316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
        7⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32570.exe
        8⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        8⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60557.exe
        8⤵
        
        PID:18716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
        7⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64897.exe
        7⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        7⤵
        
        PID:17704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32577.exe
        7⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58353.exe
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25866.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe
        8⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61841.exe
        8⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-396.exe
        8⤵
        
        PID:19388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        8⤵
        
        PID:19132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46792.exe
        7⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65489.exe
        7⤵
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42941.exe
        7⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21863.exe
        6⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
        6⤵
        
        PID:10916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe
        6⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44063.exe
        6⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        6⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63498.exe
        7⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33667.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62669.exe
        7⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        6⤵
        
        PID:12272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
        6⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20199.exe
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61226.exe
        6⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41405.exe
        6⤵
        
        PID:17244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
        5⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
        6⤵
        
        PID:18644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
        5⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
        5⤵
        
        PID:3104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 488
        6⤵
        Program crash
        
        PID:18120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19204.exe
        5⤵
        
        PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7200.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26634.exe
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        7⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
        7⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        7⤵
        
        PID:17308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
        7⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24935.exe
        6⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
        7⤵
        
        PID:19044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
        6⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
        6⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60723.exe
        6⤵
        
        PID:18160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64565.exe
        6⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55172.exe
        5⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        6⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        7⤵
        
        PID:19112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        6⤵
        
        PID:10168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        6⤵
        
        PID:14104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        6⤵
        
        PID:17976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
        6⤵
        
        PID:19100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        5⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46321.exe
        5⤵
        
        PID:11160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44603.exe
        5⤵
        
        PID:14780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43909.exe
        5⤵
        
        PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        6⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        7⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
        7⤵
        
        PID:15904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47176.exe
        6⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27233.exe
        6⤵
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28057.exe
        6⤵
        
        PID:18172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33872.exe
        5⤵
        
        PID:7324
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 488
        6⤵
        Program crash
        
        PID:12500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
        5⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43333.exe
        5⤵
        
        PID:18488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12416.exe
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12025.exe
        5⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
        6⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46792.exe
        5⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49153.exe
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        5⤵
        
        PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
      4⤵
      PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
        5⤵
        
        PID:16100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
      4⤵
      PID:10408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
      4⤵
      PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
      4⤵
      PID:18168
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18168 -s 464
        5⤵
        Program crash
        
        PID:18940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57670.exe
      4⤵
      PID:3932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27450.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4985.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19018.exe
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        7⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
        8⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
        8⤵
        
        PID:14716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63053.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29846.exe
        8⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
        7⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45489.exe
        7⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37356.exe
        7⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7063.exe
        6⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58668.exe
        7⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57208.exe
        6⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        6⤵
        
        PID:18372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24014.exe
        6⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22416.exe
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56810.exe
        6⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
        6⤵
        
        PID:12452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        6⤵
        
        PID:18288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
        5⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19066.exe
        6⤵
        
        PID:16244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
        6⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22934.exe
        6⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22096.exe
        5⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        5⤵
        
        PID:15552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34068.exe
        5⤵
        
        PID:18744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        5⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27754.exe
        7⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
        7⤵
        
        PID:14244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27292.exe
        7⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
        7⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
        6⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63473.exe
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
        6⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
        6⤵
        
        PID:60
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
        5⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        5⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11522.exe
        5⤵
        
        PID:18116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
        5⤵
        
        PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        5⤵
        
        PID:11124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        5⤵
        
        PID:15204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        5⤵
        
        PID:18564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
      4⤵
      PID:7688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
      4⤵
      PID:11516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
      4⤵
      PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
      4⤵
      PID:19168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31306.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
        5⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49498.exe
        6⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        7⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        7⤵
        
        PID:17204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        7⤵
        
        PID:19076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20487.exe
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        6⤵
        
        PID:16364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25520.exe
        6⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        5⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25258.exe
        6⤵
        
        PID:11552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        6⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        6⤵
        
        PID:19140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
        6⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
        5⤵
        
        PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        5⤵
        
        PID:13680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
        5⤵
        
        PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        5⤵
        
        PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
      4⤵
      PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        5⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        5⤵
        
        PID:15108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        5⤵
        
        PID:19004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
      4⤵
      PID:8116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
      4⤵
      PID:11184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28067.exe
      4⤵
      PID:14796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
      4⤵
      PID:3316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3257.exe
      4⤵
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
        6⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        6⤵
        
        PID:11864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29079.exe
        6⤵
        
        PID:16236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16236 -s 436
        7⤵
        Program crash
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58934.exe
        6⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        6⤵
        
        PID:16056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
        5⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        5⤵
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
        5⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        5⤵
        
        PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56353.exe
      4⤵
      PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45050.exe
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
        5⤵
        
        PID:14724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13276.exe
        5⤵
        
        PID:18448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
        5⤵
        
        PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
      4⤵
      PID:10032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64897.exe
      4⤵
      PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
      4⤵
      PID:17996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
      4⤵
      PID:2556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9402.exe
    3⤵
    PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
      4⤵
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30956.exe
        5⤵
        
        PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
      4⤵
      PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
      4⤵
      PID:13168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
      4⤵
      PID:16408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
    3⤵
    PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65242.exe
      4⤵
      PID:12024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
      4⤵
      PID:15764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34428.exe
      4⤵
      PID:19012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58346.exe
    3⤵
    PID:9312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57327.exe
    3⤵
    PID:12872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
    3⤵
    PID:17052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
        6⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30317.exe
        8⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
        8⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        8⤵
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
        8⤵
        
        PID:19016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
        7⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64984.exe
        7⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        7⤵
        
        PID:18328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33872.exe
        6⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
        6⤵
        
        PID:19292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        6⤵
        
        PID:19144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35306.exe
        6⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5392.exe
        6⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe
        6⤵
        
        PID:15324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
        6⤵
        
        PID:19132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51420.exe
        6⤵
        
        PID:19412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3815.exe
        5⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49601.exe
        5⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
        5⤵
        
        PID:15496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
        5⤵
        
        PID:19060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4788.exe
        5⤵
        
        PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
      4⤵
      Executes dropped EXE
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10012.exe
        6⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
        7⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        7⤵
        
        PID:18224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16720.exe
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10807.exe
        6⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
        6⤵
        
        PID:18212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        5⤵
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        5⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe
        5⤵
        
        PID:14804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43917.exe
        5⤵
        
        PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
      4⤵
      PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
        5⤵
        
        PID:8712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29079.exe
        5⤵
        
        PID:16196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
        5⤵
        
        PID:19440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9253.exe
        5⤵
        
        PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
      4⤵
      PID:7436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
      4⤵
      PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64897.exe
      4⤵
      PID:15608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
      4⤵
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
        6⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        6⤵
        
        PID:11628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29079.exe
        6⤵
        
        PID:16144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26262.exe
        6⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59841.exe
        5⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        5⤵
        
        PID:16120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8800.exe
        5⤵
        
        PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
        5⤵
        
        PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        5⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29079.exe
        5⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20558.exe
        5⤵
        
        PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49080.exe
      4⤵
      PID:9036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
      4⤵
      PID:12976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
      4⤵
      PID:632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65265.exe
    3⤵
    PID:544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
      4⤵
      PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        5⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
        5⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        5⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
        5⤵
        
        PID:19040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8912.exe
      4⤵
      PID:8284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
      4⤵
      PID:11780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
      4⤵
      PID:15948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7319.exe
    3⤵
    PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
      4⤵
      PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
      4⤵
      PID:11876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
      4⤵
      PID:15528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
      4⤵
      PID:18980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
    3⤵
    PID:9052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
    3⤵
    PID:12964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
    3⤵
    PID:16056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54155.exe
    3⤵
    PID:6444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43050.exe
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12025.exe
        6⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
        7⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61841.exe
        7⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16924.exe
        7⤵
        
        PID:19092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
        7⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30352.exe
        6⤵
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64600.exe
        6⤵
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        6⤵
        
        PID:18352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58673.exe
        5⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41786.exe
        6⤵
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        6⤵
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        6⤵
        
        PID:19124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe
        6⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50196.exe
        5⤵
        
        PID:14568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
        5⤵
        
        PID:464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6464.exe
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9145.exe
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        6⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        6⤵
        
        PID:17356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46881.exe
        5⤵
        
        PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63531.exe
        5⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        5⤵
        
        PID:18308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18308 -s 436
        6⤵
        Program crash
        
        PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47608.exe
      4⤵
      PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-441.exe
        5⤵
        
        PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
        5⤵
        
        PID:13456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
        5⤵
        
        PID:17256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
      4⤵
      PID:10112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
      4⤵
      PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56566.exe
      4⤵
      PID:18032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2484.exe
      4⤵
      PID:18648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
      4⤵
      PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
        5⤵
        
        PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
        5⤵
        
        PID:14124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
        5⤵
        
        PID:18132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
      4⤵
      PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14327.exe
      4⤵
      PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45505.exe
      4⤵
      PID:15304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
      4⤵
      PID:18576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
      4⤵
      PID:5272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20583.exe
    3⤵
    PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59498.exe
      4⤵
      PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        5⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33667.exe
        5⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63053.exe
        5⤵
        
        PID:17820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        5⤵
        
        PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
      4⤵
      PID:8660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
      4⤵
      PID:13340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
      4⤵
      PID:17268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11392.exe
    3⤵
    PID:7364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
    3⤵
    PID:10064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39696.exe
    3⤵
    PID:12984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
    3⤵
    PID:17696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54570.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33667.exe
        6⤵
        
        PID:14836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
        6⤵
        
        PID:18500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14592.exe
        6⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe
        5⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        5⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        5⤵
        
        PID:17668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
        5⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
        5⤵
        
        PID:15284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-396.exe
        5⤵
        
        PID:19380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
      4⤵
      PID:7372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
      4⤵
      PID:13112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
      4⤵
      PID:17104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
    3⤵
    PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
      4⤵
      PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        5⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
        5⤵
        
        PID:12960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        5⤵
        
        PID:16964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18293.exe
        5⤵
        
        PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
      4⤵
      PID:9824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13283.exe
      4⤵
      PID:14200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
      4⤵
      PID:17660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19543.exe
    3⤵
    PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63706.exe
      4⤵
      PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
      4⤵
      PID:15568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
      4⤵
      PID:1808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
    3⤵
    PID:9228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60731.exe
    3⤵
    PID:11592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36197.exe
    3⤵
    PID:17060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
    3⤵
    PID:7048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
    3⤵
    PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26058.exe
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
        5⤵
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        5⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        5⤵
        
        PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55974.exe
        5⤵
        
        PID:19340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
      4⤵
      PID:8608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32119.exe
      4⤵
      PID:12988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
      4⤵
      PID:18300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
      4⤵
      PID:19072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
    3⤵
    PID:7316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
      4⤵
      PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
      4⤵
      PID:216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11916.exe
      4⤵
      PID:17492
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17492 -s 472
        5⤵
        Program crash
        
        PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1964.exe
      4⤵
      PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
    3⤵
    PID:10944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
    3⤵
    PID:14744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43717.exe
    3⤵
    PID:3292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
    3⤵
    PID:19248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
  2⤵
  PID:5412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17018.exe
    3⤵
    PID:6616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe
      4⤵
      PID:9396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
      4⤵
      PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
      4⤵
      PID:17276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33676.exe
      4⤵
      PID:860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
    3⤵
    PID:9148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
    3⤵
    PID:12864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe
    3⤵
    PID:16116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
    3⤵
    PID:2004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
  2⤵
  PID:6708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
    3⤵
    PID:12428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63969.exe
    3⤵
    PID:16292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53784.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53784.exe
  2⤵
  PID:9572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
  2⤵
  PID:13720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
  2⤵
  PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 7284 -ip 7284
1⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 7324 -ip 7324
1⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 17236 -ip 17236
1⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 18068 -ip 18068
1⤵
PID:19340

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:6408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe

Filesize
184KB

MD5
b6ef437a06ce6239415313e7a16409b7

SHA1
6e440386a2508142e33b973caf89c67866570b0c

SHA256
d2fa111cce8eeb732c01022eee16022e47493ec0463bca62f2fbda4210c8f459

SHA512
9d9310ed459d891cfbf5873dfe01d4ec92f62b8bd4154dbc36b2f4c38de45feee4ea7a54fedda6a99d614c5f61ee3e015d1e9b3aa6b52b10d6a6abed9b3cfe37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe

Filesize
184KB

MD5
bb9e6800289c4feba01f68e1bf7205e6

SHA1
a2df16b726a15fd031954ea325640266f6dff2a5

SHA256
99d65df82a2c54346ebc45d5c011109c8c3399acbc96c8c6d45cefada5d79041

SHA512
54813f73d08a2feebf0287ee230428a7ed3dc6a01e04b1bc846d19b887e3235df61ea85a70392f0bbfa4c9e3fedf48373c517cd88d8dcd6814c4d8d785380d5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12857.exe

Filesize
184KB

MD5
2cfb6abb4ea2fbb6442e6f8a8839aa88

SHA1
3d81d1388797cb1ce592404725a78eaf935dea70

SHA256
4205bb19e3a9af3643f3b7b6c9b39d0c8bf5f9c588ce09ceffa45908d741af67

SHA512
34be8c440d64dd240a1bec98d6e7ae28f5ffa810a2ecb287af77fbe5a20802eb6e27cbce648fca364efc0e6d5b04a6f1b68f953c518662a01e8c3b49accfc45d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe

Filesize
184KB

MD5
af0767e7570d1cde470303aa9b380b2b

SHA1
2c56044eda5adf9f3a208b6dc5853cba33d548ba

SHA256
ce409491f5ea9504764bc98f90f30f8741a8a4d57e16b85e56e31f477f39af72

SHA512
d3b5861a1175f3c7297007b63d1a8d92523cea5e179383b35f3ab77052f84a180c5f6d2a2356ca6dd4ae65401d6e972cadadefab15fd4e510fa640b87202bcb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe

Filesize
184KB

MD5
219747bd1f91953e50fb7936047a13e5

SHA1
e3ebd7dc04830b49a7ed9548ea82b31377c2e16e

SHA256
ea0f14c8d99f673db9fce81b108bff5923ac48bcc466b6b3390d8768a08bc8f0

SHA512
4e8bd0066dd565908014e2f8bc56bb3e35d0c814698198e7800b881837c53bd78c6122b41934f77ad4a6647b48b268c8865a045426cc004d7ced6915589dce42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe

Filesize
184KB

MD5
10ed658d494504f0243b9ebc9e4cd4c3

SHA1
5b448c57ed7590c03ab2e91b0f5af72c9ea8ec41

SHA256
f209383e25f10b1771a7878f60ec8f36af9ce35108dd0e2c5c69f95268f6cec2

SHA512
6946458c624f58ce83c12421f7bca4a9e452342b5816a870598f22ebcef762709e7e23306f2591b6eff074ee6974d446c2d02ef704558a8634c1b7973c6600ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22768.exe

Filesize
184KB

MD5
75bde1dd51b199dff629deba7babfff7

SHA1
17e06136591cc13e84644b8b0463777457924d0c

SHA256
a26290b62f5e8598a7cf94668024fadef6f3a616b80a05231219e8721d57716d

SHA512
d2b885cb8553dd0b940e4b1138e461c33fe2604ade530f04eb6762e2a4fca60b93cc3252f044caac46b18071c388aca37fa5267f013bc5f1bb3393f11b4a254b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe

Filesize
184KB

MD5
b48f3876c1a67c1e7f0f615cdba0b8e6

SHA1
e8dbbeafbf64ae04cc98a077ec2d7feace63c23c

SHA256
109e8aa6c6d66c3a05ff2205e6f6790a6062ba36dec84b9682cb51263e116100

SHA512
20f9e7f7b429f4b8d64b9c3a579dd423afee82491f93cd509e9371f842786a54b816c259f7b8afbe6bc34d42f7ad0e1f4d6118099d1909adab3f7c453c4582e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe

Filesize
184KB

MD5
80ddc38ad16aa4f2ba47d1426fe60aa2

SHA1
cd2915ba167566a8c237a53d299802659cab9bc7

SHA256
3be0f30d8f3149b1e7283f7efecb7e0791f3c6484a3023c43f02f33a164341aa

SHA512
9be9fe76b03b0b2423b6a833f56431d66e846079d8922a23e8a021571e44315f95d7b47888ca3e589c43cd07c13a95985ffbb8bf0b74c7610cb4950ee408afff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25693.exe

Filesize
184KB

MD5
c774fc2f658a09971a85027c4390cfbe

SHA1
13fef219a74ec8f9a97a72ee1f5c03b95817eb05

SHA256
d6f3a90e6dfbdfa534b8638920be24b2ae730ace6973dfa27b11418336700140

SHA512
7e2624eb45a67ad21ce8641fde4ef948a5094b2673ccf2bcefe4f79b5299acca8c3be783f383c1c13978475c368706d92e937281a0853fe98d8dd777ae955175

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25869.exe

Filesize
184KB

MD5
3259416c506a723b0e90aaec99274cac

SHA1
8440c232251ac4b9e105d14dec0db0dc8a0ef60c

SHA256
ff5730b9e040853b7117652302c6c3994f0b3fe9a92bc74d9608cbbd80b3c5af

SHA512
7253c16dd07b24a6eac0ee5e2c03d5e0c23b69730acb545797d850e66358e6710b5614f26865dd86e4107289432262a7cedaea5e8eb5b6358f4a938845ec9c36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26490.exe

Filesize
184KB

MD5
098ea1d85b3954318b86d9d31c207858

SHA1
be15792ee87297470008c87809929dcd4a1773c5

SHA256
e36d1353393f37a5265c71b170dce19d1c5e63239a03345cd64725e3c3a32d5e

SHA512
927e79d49ccf387106c8fdce4135b404962b1433a184d748b72c9a85645144e52cf77789a164af5a1cdc62c3336a0882a1acc9aa688e2503a196c95ee91cb2b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27450.exe

Filesize
184KB

MD5
56fcdf67a2e2b22732b6ee8dc5d8e4b1

SHA1
cbc17bbee78ba98158dc9a65964f6b1400603db0

SHA256
ec3b3e0214e323f6ecf8de87b39efadaac7861bb204c84db3c8c037eca6af586

SHA512
581678563bc757eb578b817a7857bf46f56a6a6f5bc7e546d1fbab5f8d95c794948fd440bba544918369e78132f273c912b2fc30e2c4ca56d0dc14e71e6df356

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe

Filesize
184KB

MD5
2c59146a66a7153d182fa7425b7953e3

SHA1
be309dcc7685b6336ec81788f68101be10e90a57

SHA256
388cfe1d64fa44ad5ec4c15dbe56626fd2195e5644e2199175bb0d2169e06019

SHA512
9e71956a2dde0104c85e1c5db0c100525344ff722ab2abd957a32a5203afc5740925f58c7b1c5c455eeb68eb0b0b2c4b70315f73d4c442399c6a2942f522df8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29754.exe

Filesize
184KB

MD5
5552362785cb6274422176b38c1e0b12

SHA1
ec747baeab951e09eb8dbe662f8bd889b7c6ef9b

SHA256
87a4aa258e45484f7a50b6ea75e977c1f594e270bfafaee924c4cd489014faf4

SHA512
815ef86b53c792b3d0d533862614913ac53461f5281bd675af6af0d053a4c7e07424d7c06862005d9374c2a5028c5e646af75421a6f05344f1155a3eb8df851c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe

Filesize
184KB

MD5
f7491486ce04f1889dfdfec89124ab82

SHA1
ecbc82b3f5eef5638a71450f0d29c95da1515b3a

SHA256
ea200b44229e56db9b82b429f5da7ee15547ce5b88950edd0b4d84921c9c8c00

SHA512
6f96fac67e71c9d1fca2ef10500915e7561a954506a79500d674f10a7567573dca47fe968b44361334a1764425b3d6a65bdd7380435947db6015385c63214104

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe

Filesize
184KB

MD5
537057d094f9964c6ae3341b44a89f6c

SHA1
7d97d7dc65cb435131d70aac89b209a6c2ca64b9

SHA256
ce3514df840fb789632d25a0fc88f84796f57dbf491a8bccdb3af65e5df5572d

SHA512
7244f6f9e8f9e0b5bd9b6a1fb4234192fcec7e32fce6dcf68efd31a94310738c670493a01d3eb7130dc5279ffa6e991cecdc647b7dbe28905daf28cda12f2655

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe

Filesize
184KB

MD5
17bffebe82cb78c18fad5c73ce5adf72

SHA1
896c79d842c85e76d9aa5aa3fff447328450a79f

SHA256
82372bb98b04971bed58067a9e1d45b681c3616d69a0f145b7ab2b84ca768651

SHA512
5fcb87e889fd04f274fd8a2c4802cdc954e0c3b090cca7a04772ff311cb70ab0a9e8d91e1f8ea9035d23ebef2cf649c955c11007973e5d6edcdb8fb31f1f738a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe

Filesize
184KB

MD5
1cd4713b363dee7b8fcc1630ffd1def8

SHA1
d1fb331189c6a55b21a56eb3082c620c0cb9ccb4

SHA256
d13ad9e1b18ddadb14215e24d6ac729c087a9d1f402badeedbdb5e2c98060f12

SHA512
5fc1e030dc399c8e8d3cbeacb326dd66ba7e755dd7fba1b4c8a720b9e412f1bcb5150409f5be7014d6df46a670d9b172e57b87ea0c7e438a594f6197ab12650b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39960.exe

Filesize
184KB

MD5
a03cc55b029b7623bf7db2084b450708

SHA1
18ce19b53e201a799d4131b40b1c7875416f2d55

SHA256
9c695ebc16f87ffbac67ada7f50c411476347989ca3164e79354a5171528dcb8

SHA512
4d168aa2d9066ad68f8c8b66d955bc5471b7d2ce23e730736423403ecd6553713afff8e2fc929f44eaa04ce9c22d4eda4fe53014f6dc67da85b8b3a2274ab970

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe

Filesize
184KB

MD5
e609cc8e2eba266d78cb4b804ef31935

SHA1
d0874575bbeecc9606aee4319a0303ff5773abea

SHA256
13331ba116e405d3d1e89f5ca042c9b5c73223db66ea64f8e04bcc270ee93d08

SHA512
66c5be2cac1ccde8db4c6defad564c23d28c1595f593fcc217ba5342a582deef68744a353b6bec7d710952474a160a6a2276ce3defbcbb73de2695747da0af10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe

Filesize
184KB

MD5
cde701c83ba6fac4805ba7a762f1d567

SHA1
88f15556993dc740f793e41f8af07d3138036347

SHA256
1ddeba6cd7794878f45d427e944fc49f10fa24a9512a0a09966e14e31007ddee

SHA512
3bccd62f2c696dc79839ef8b734b73a826704b8d824c1b6049f416c970f9b793f013e8732bcd3121a863e5be1a75d588d989778e81178061a6681506f441f0bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43713.exe

Filesize
184KB

MD5
1f872ae207bd1e7257a84039bfc1000f

SHA1
3b031d3a2d777693499dc965c12fa54cb0527f64

SHA256
ea8282b94e80dc3f3ace67048f99c1e0983a4d0382c216f63ec7629fd7c8fb49

SHA512
bd7e4abccfa684ae061422698a58811b6472a56c772b53d17467e075eb9351e7a89da3a47641e517f29caadd330baaeb1fabc906e1ea7c3cf1be2e6fcdfd51c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe

Filesize
184KB

MD5
8e73d99b02286ed83a095b15bc55ffaf

SHA1
74089fd716ecdba372c126ff58324cc6ac2cfb07

SHA256
159598aeec36cdb3887caa02e9917841f3687a4f195b77070b2c9d1b9c0ac0d2

SHA512
2ff486017ebecbb4fe7ef1751e72492dffbf32a9bd187c053af332c3acfc89b5eb3cf3fca12949524dadc6de42ef66d846f80227181a697711b3772cdff3ff98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe

Filesize
184KB

MD5
fececd51e1e6f62c94bcc2e812c96cc9

SHA1
f33fd1795bb42f618acf766cc8a9b9ff88edb43e

SHA256
0b051fbb40c686fe910fba39e516f2faa11ce40cdfcd359e69dec6b5f47ea00e

SHA512
3e3715894989e7213317e10adad91bc7a8912c99d122e6c8480599057a5e3cdea6db3d2e9e895eccbdb6655a78676781ecee59971309eed3502da90de2ac141a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe

Filesize
184KB

MD5
1a4c6291eb406b49caade55fc2e5dec3

SHA1
d5e296a5fe421ed0a428a77ee3c694f98658afa1

SHA256
783739652121f132b2ddf98e817b00135c9cfbdf73eeafc5b4a67fcfe62be5cc

SHA512
689e49be832383c89db3a9771a9494e1abf293e6015db0358d987355e83e62c7ca7a0b777fb217652bfbb71484f1c3048e4a649c1cfd4944d3b53ea998e485dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe

Filesize
184KB

MD5
2ab70b2afa0ff0a774daa90c5d402c2b

SHA1
24757a07a83f43d86493098669a0a6c252245c39

SHA256
98632a0749a8c51fd902d85139e98c95b79ee386e19c9277454d966290895580

SHA512
4a8ded108ba2a6fbb6ed2dde126a7b50b6be34772f153cd8ec75431b72caec50b2090e3901153234f101e791f8feae207c27913f1fecc053bba5cf14a0b9637e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58157.exe

Filesize
184KB

MD5
7387fd09659bf42f0bba6622526104b7

SHA1
539a3ebfbe08ad334d4eddbc2668c3536c98a6d9

SHA256
4bdc16374532eb6c812fe5be3e9792b2b0f1413cb134d14e7c10596d81bdb9b3

SHA512
14dae9a129e58fe79ad85c07b2f0cf89a5548940d1687424313a71248309ca969882594cedb18989d197c6a3359d096166ede643351c7ec501f289675be35b26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58337.exe

Filesize
184KB

MD5
ccc73e87dd3d4d12efe7ac93c37660fa

SHA1
98009f468f90654972164991980eb77328008004

SHA256
de98ce646fe1a947bef77d1fc16ae35aa6408eb3087c2b5ded1531751590d602

SHA512
bac1af4e8d24f48e12ee5b057cbdc86d287b5a25d55fbd99e3a1d07a187932c2b791ffb50b0ef9d5783280441ed7f53b11161ac49492195771e7999065dbbdc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe

Filesize
184KB

MD5
5aba1265b645fc0deb608a427e4cdeec

SHA1
78ae9e6fe218d7ab4bf154872e5965a7bb8a11bc

SHA256
9ed16e1c70a4559e944dae8af18af9827396376b18c20e92165248257b0adca8

SHA512
588bdad6f9cf6f51879f0433e28be443aabf6aabaecb638bd2dd5cf6c59a86004e02a5153a8dfc7f03719b8e2de9e82a56b0467bbf3ed2eb9358b49157279b24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe

Filesize
184KB

MD5
56a28fc44e55f306299a953675f243fe

SHA1
4182014e5a27d96583bb96bf7436ba1f74c7ad1d

SHA256
4d2f821a9d83ef6b6af58cb96d9a92ab5f1cb2ef01404d50a5d860f4865e4cb7

SHA512
224509b4628191bee3188fd520a190b47a7c6ce73bb517699d042f510664831706ebb2467b63b5ef31a0c28848fcc386c26d9bc78438c65b24ec00e90ef3ad3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7200.exe

Filesize
184KB

MD5
c0c4c55002ad14522264044767818f05

SHA1
5bb975abd4f668979bca2f26d0af7d0375026af1

SHA256
fd6cc867631fb95401b6ee654f00e861022b7c08e135111b90b5e19aee3c2509

SHA512
c272a67085a1ffc9f3520cd1bfb96ba91c10c9c42623c87a78d73320d2e5fbc249316f5e3c1d487dca7aadbc518a4502eb67505fb9fb39545694ce56a6d1ec21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe

Filesize
184KB

MD5
0b73a4c858dccf7b03d48d501a5f933f

SHA1
06490504e1949884464ef056eb86967131100b4f

SHA256
ef74d06c5f837ed3bb3a63bc2ea4468ea42f9a6dd47d6c67fd816a8f955d98e3

SHA512
e46c955fd3f4bcc2acb860d516c352de9264f28554db27e15ba9af9140c1cec42c8ef085377856119d9e4f6f274b668e61dca1380891511c466427cb82df4ab0

Download Submit
memory/1040-3361-0x00000000754A0000-0x000000007555F000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads