56c4495f7c88ab2a638f369f35950a8c8511589136afe2b017ceafc318cda2ca

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42aae421abd60c8b9cd725e21e34a5f0_NeikiAnalytics.exe
Size

184KB
MD5

42aae421abd60c8b9cd725e21e34a5f0
SHA1

b0002ead71c700e5e2922b9834b494f44de955be
SHA256

56c4495f7c88ab2a638f369f35950a8c8511589136afe2b017ceafc318cda2ca
SHA512

66a8bc78e8f39aa61bc76550ae1dcb07437c3b6da9509a1cbb0bb25f22b5b4de44cf154da087f2dc41089c032d4e8740aa1df9161614e2c01c98b71d4a1141f8
SSDEEP

3072:9Gb7obonROFsu4PZ3pKn5Rr2Klvnqnxiu1:9GAoWz4P0552KlPqnxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4324	Unicorn-61937.exe
4032	Unicorn-13888.exe
2072	Unicorn-63644.exe
2852	Unicorn-8818.exe
1840	Unicorn-27847.exe
3272	Unicorn-47713.exe
412	Unicorn-10856.exe
3304	Unicorn-16733.exe
756	Unicorn-16733.exe
1972	Unicorn-35761.exe
4896	Unicorn-55627.exe
856	Unicorn-49497.exe
1456	Unicorn-55627.exe
380	Unicorn-24636.exe
4184	Unicorn-5035.exe
848	Unicorn-53250.exe
5104	Unicorn-7578.exe
1512	Unicorn-54449.exe
3476	Unicorn-58533.exe
3808	Unicorn-58533.exe
3212	Unicorn-63385.exe
4428	Unicorn-43519.exe
4388	Unicorn-30612.exe
5088	Unicorn-30612.exe
4928	Unicorn-27812.exe
4588	Unicorn-36478.exe
2068	Unicorn-16877.exe
1236	Unicorn-16877.exe
4492	Unicorn-33235.exe
636	Unicorn-52264.exe
1572	Unicorn-462.exe
3420	Unicorn-11252.exe
4288	Unicorn-26197.exe
2892	Unicorn-38279.exe
2956	Unicorn-42098.exe
4216	Unicorn-46447.exe
220	Unicorn-46447.exe
1828	Unicorn-50531.exe
956	Unicorn-50531.exe
4464	Unicorn-50531.exe
4700	Unicorn-8107.exe
4576	Unicorn-56653.exe
5076	Unicorn-19805.exe
2536	Unicorn-23889.exe
3112	Unicorn-60737.exe
2144	Unicorn-1065.exe
4884	Unicorn-41401.exe
4860	Unicorn-47002.exe
4704	Unicorn-23126.exe
1824	Unicorn-12191.exe
1640	Unicorn-60737.exe
1552	Unicorn-14521.exe
232	Unicorn-5606.exe
1504	Unicorn-55362.exe
3668	Unicorn-44501.exe
1220	Unicorn-13774.exe
5096	Unicorn-17593.exe
3640	Unicorn-54707.exe
4696	Unicorn-32825.exe
1752	Unicorn-32825.exe
4648	Unicorn-52.exe
4968	Unicorn-51854.exe
4744	Unicorn-1091.exe
1644	Unicorn-1091.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
6476	224	WerFault.exe	243
6628	224	WerFault.exe	243
8960	5444	WerFault.exe	221
7636	7432	WerFault.exe	359
16212	7332	WerFault.exe	357
17608	15084	WerFault.exe	754
3516	14356	WerFault.exe	783
13968	6584	Process not Found	291

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2612	dwm.exe
Token: SeChangeNotifyPrivilege	2612	dwm.exe
Token: 33	2612	dwm.exe
Token: SeIncBasePriorityPrivilege	2612	dwm.exe
Token: SeCreateGlobalPrivilege	13532	Process not Found
Token: SeChangeNotifyPrivilege	13532	Process not Found
Token: 33	13532	Process not Found
Token: SeIncBasePriorityPrivilege	13532	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4820	42aae421abd60c8b9cd725e21e34a5f0_NeikiAnalytics.exe
4324	Unicorn-61937.exe
4032	Unicorn-13888.exe
2072	Unicorn-63644.exe
1840	Unicorn-27847.exe
3272	Unicorn-47713.exe
2852	Unicorn-8818.exe
412	Unicorn-10856.exe
756	Unicorn-16733.exe
3304	Unicorn-16733.exe
380	Unicorn-24636.exe
1456	Unicorn-55627.exe
4184	Unicorn-5035.exe
1972	Unicorn-35761.exe
856	Unicorn-49497.exe
4896	Unicorn-55627.exe
848	Unicorn-53250.exe
5104	Unicorn-7578.exe
1512	Unicorn-54449.exe
4588	Unicorn-36478.exe
2068	Unicorn-16877.exe
3808	Unicorn-58533.exe
3476	Unicorn-58533.exe
4388	Unicorn-30612.exe
5088	Unicorn-30612.exe
4428	Unicorn-43519.exe
4928	Unicorn-27812.exe
3212	Unicorn-63385.exe
1236	Unicorn-16877.exe
4492	Unicorn-33235.exe
1572	Unicorn-462.exe
636	Unicorn-52264.exe
3420	Unicorn-11252.exe
4288	Unicorn-26197.exe
2892	Unicorn-38279.exe
2956	Unicorn-42098.exe
956	Unicorn-50531.exe
220	Unicorn-46447.exe
4216	Unicorn-46447.exe
1828	Unicorn-50531.exe
4464	Unicorn-50531.exe
4576	Unicorn-56653.exe
4700	Unicorn-8107.exe
1824	Unicorn-12191.exe
4704	Unicorn-23126.exe
4884	Unicorn-41401.exe
1640	Unicorn-60737.exe
5076	Unicorn-19805.exe
3112	Unicorn-60737.exe
2536	Unicorn-23889.exe
4860	Unicorn-47002.exe
2144	Unicorn-1065.exe
1552	Unicorn-14521.exe
1504	Unicorn-55362.exe
232	Unicorn-5606.exe
1220	Unicorn-13774.exe
3668	Unicorn-44501.exe
5096	Unicorn-17593.exe
3640	Unicorn-54707.exe
4696	Unicorn-32825.exe
1752	Unicorn-32825.exe
4968	Unicorn-51854.exe
4648	Unicorn-52.exe
4744	Unicorn-1091.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 4324	4820	42aae421abd60c8b9cd725e21e34a5f0_NeikiAnalytics.exe	87
PID 4820 wrote to memory of 4324	4820	42aae421abd60c8b9cd725e21e34a5f0_NeikiAnalytics.exe	87
PID 4820 wrote to memory of 4324	4820	42aae421abd60c8b9cd725e21e34a5f0_NeikiAnalytics.exe	87
PID 4324 wrote to memory of 4032	4324	Unicorn-61937.exe	92
PID 4324 wrote to memory of 4032	4324	Unicorn-61937.exe	92
PID 4324 wrote to memory of 4032	4324	Unicorn-61937.exe	92
PID 4820 wrote to memory of 2072	4820	42aae421abd60c8b9cd725e21e34a5f0_NeikiAnalytics.exe	93
PID 4820 wrote to memory of 2072	4820	42aae421abd60c8b9cd725e21e34a5f0_NeikiAnalytics.exe	93
PID 4820 wrote to memory of 2072	4820	42aae421abd60c8b9cd725e21e34a5f0_NeikiAnalytics.exe	93
PID 4032 wrote to memory of 2852	4032	Unicorn-13888.exe	95
PID 4032 wrote to memory of 2852	4032	Unicorn-13888.exe	95
PID 4032 wrote to memory of 2852	4032	Unicorn-13888.exe	95
PID 4324 wrote to memory of 1840	4324	Unicorn-61937.exe	97
PID 4324 wrote to memory of 1840	4324	Unicorn-61937.exe	97
PID 4324 wrote to memory of 1840	4324	Unicorn-61937.exe	97
PID 2072 wrote to memory of 3272	2072	Unicorn-63644.exe	96
PID 2072 wrote to memory of 3272	2072	Unicorn-63644.exe	96
PID 2072 wrote to memory of 3272	2072	Unicorn-63644.exe	96
PID 4820 wrote to memory of 412	4820	42aae421abd60c8b9cd725e21e34a5f0_NeikiAnalytics.exe	98
PID 4820 wrote to memory of 412	4820	42aae421abd60c8b9cd725e21e34a5f0_NeikiAnalytics.exe	98
PID 4820 wrote to memory of 412	4820	42aae421abd60c8b9cd725e21e34a5f0_NeikiAnalytics.exe	98
PID 3272 wrote to memory of 756	3272	Unicorn-47713.exe	101
PID 1840 wrote to memory of 3304	1840	Unicorn-27847.exe	102
PID 3272 wrote to memory of 756	3272	Unicorn-47713.exe	101
PID 3272 wrote to memory of 756	3272	Unicorn-47713.exe	101
PID 1840 wrote to memory of 3304	1840	Unicorn-27847.exe	102
PID 1840 wrote to memory of 3304	1840	Unicorn-27847.exe	102
PID 2072 wrote to memory of 1972	2072	Unicorn-63644.exe	103
PID 2072 wrote to memory of 1972	2072	Unicorn-63644.exe	103
PID 2072 wrote to memory of 1972	2072	Unicorn-63644.exe	103
PID 412 wrote to memory of 4896	412	Unicorn-10856.exe	104
PID 412 wrote to memory of 4896	412	Unicorn-10856.exe	104
PID 412 wrote to memory of 4896	412	Unicorn-10856.exe	104
PID 2852 wrote to memory of 1456	2852	Unicorn-8818.exe	106
PID 2852 wrote to memory of 1456	2852	Unicorn-8818.exe	106
PID 2852 wrote to memory of 1456	2852	Unicorn-8818.exe	106
PID 4324 wrote to memory of 856	4324	Unicorn-61937.exe	105
PID 4324 wrote to memory of 856	4324	Unicorn-61937.exe	105
PID 4324 wrote to memory of 856	4324	Unicorn-61937.exe	105
PID 4820 wrote to memory of 380	4820	42aae421abd60c8b9cd725e21e34a5f0_NeikiAnalytics.exe	107
PID 4820 wrote to memory of 380	4820	42aae421abd60c8b9cd725e21e34a5f0_NeikiAnalytics.exe	107
PID 4820 wrote to memory of 380	4820	42aae421abd60c8b9cd725e21e34a5f0_NeikiAnalytics.exe	107
PID 4032 wrote to memory of 4184	4032	Unicorn-13888.exe	108
PID 4032 wrote to memory of 4184	4032	Unicorn-13888.exe	108
PID 4032 wrote to memory of 4184	4032	Unicorn-13888.exe	108
PID 3272 wrote to memory of 848	3272	Unicorn-47713.exe	109
PID 3272 wrote to memory of 848	3272	Unicorn-47713.exe	109
PID 3272 wrote to memory of 848	3272	Unicorn-47713.exe	109
PID 756 wrote to memory of 5104	756	Unicorn-16733.exe	110
PID 756 wrote to memory of 5104	756	Unicorn-16733.exe	110
PID 756 wrote to memory of 5104	756	Unicorn-16733.exe	110
PID 3304 wrote to memory of 1512	3304	Unicorn-16733.exe	111
PID 3304 wrote to memory of 1512	3304	Unicorn-16733.exe	111
PID 3304 wrote to memory of 1512	3304	Unicorn-16733.exe	111
PID 4184 wrote to memory of 3808	4184	Unicorn-5035.exe	113
PID 4184 wrote to memory of 3808	4184	Unicorn-5035.exe	113
PID 4184 wrote to memory of 3808	4184	Unicorn-5035.exe	113
PID 1972 wrote to memory of 3476	1972	Unicorn-35761.exe	112
PID 1972 wrote to memory of 3476	1972	Unicorn-35761.exe	112
PID 1972 wrote to memory of 3476	1972	Unicorn-35761.exe	112
PID 1456 wrote to memory of 3212	1456	Unicorn-55627.exe	114
PID 1456 wrote to memory of 3212	1456	Unicorn-55627.exe	114
PID 1456 wrote to memory of 3212	1456	Unicorn-55627.exe	114
PID 1840 wrote to memory of 4428	1840	Unicorn-27847.exe	115

C:\Users\Admin\AppData\Local\Temp\42aae421abd60c8b9cd725e21e34a5f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\42aae421abd60c8b9cd725e21e34a5f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61937.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61937.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8818.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55627.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        9⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
        10⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22845.exe
        10⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        10⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44935.exe
        10⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34381.exe
        9⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55631.exe
        9⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        9⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43971.exe
        9⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40691.exe
        8⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        9⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
        9⤵
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        9⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
        9⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55107.exe
        8⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        8⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
        8⤵
        
        PID:17544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        8⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16811.exe
        8⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        9⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
        9⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29119.exe
        8⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
        8⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        8⤵
        
        PID:17628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
        8⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        7⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7542.exe
        8⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        8⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        8⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        8⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7277.exe
        7⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
        7⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
        7⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12191.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
        7⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        8⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        8⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        8⤵
        
        PID:17396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
        7⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
        7⤵
        
        PID:17892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53821.exe
        7⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56591.exe
        6⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32907.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16313.exe
        8⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53126.exe
        8⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
        8⤵
        
        PID:18296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5268.exe
        8⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49461.exe
        7⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        7⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36764.exe
        7⤵
        
        PID:18060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        6⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11460.exe
        7⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
        7⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        7⤵
        
        PID:17032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
        6⤵
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59469.exe
        6⤵
        
        PID:17500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29576.exe
        6⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
        7⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        8⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        9⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27582.exe
        9⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
        9⤵
        
        PID:17856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
        8⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
        8⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
        8⤵
        
        PID:17536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        8⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1579.exe
        7⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        7⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65492.exe
        7⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        7⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4074.exe
        6⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        7⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        7⤵
        
        PID:17796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45876.exe
        6⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 464
        7⤵
        Program crash
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17470.exe
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        6⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60737.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29317.exe
        6⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        7⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40049.exe
        8⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1055.exe
        8⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
        8⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
        7⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        7⤵
        
        PID:17620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
        6⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
        7⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        7⤵
        
        PID:14756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        7⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        6⤵
        
        PID:14320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        6⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        7⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        7⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        7⤵
        
        PID:17244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
        6⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
        6⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
        6⤵
        
        PID:17528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe
        6⤵
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
        6⤵
        
        PID:16236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        6⤵
        
        PID:16744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62004.exe
        5⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
        5⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        5⤵
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-237.exe
        5⤵
        
        PID:9356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5035.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
        7⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
        8⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
        9⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36057.exe
        9⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
        9⤵
        
        PID:18252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        9⤵
        
        PID:18040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29040.exe
        8⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
        8⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
        8⤵
        
        PID:17944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        7⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        8⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        8⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        8⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe
        8⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        7⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
        7⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33282.exe
        7⤵
        
        PID:16372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34147.exe
        6⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
        8⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56015.exe
        8⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45778.exe
        8⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        8⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30681.exe
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
        7⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe
        7⤵
        
        PID:17480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
        7⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        7⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        7⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        7⤵
        
        PID:17636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        6⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        6⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        6⤵
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8107.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4812.exe
        6⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
        7⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        8⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        8⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        8⤵
        
        PID:17100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        8⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        7⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19441.exe
        7⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
        7⤵
        
        PID:17580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        7⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11522.exe
        7⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18558.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        7⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        7⤵
        
        PID:15080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9057.exe
        6⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        6⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        6⤵
        
        PID:17356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13612.exe
        5⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        7⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        7⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        7⤵
        
        PID:17040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        7⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45788.exe
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36432.exe
        6⤵
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13131.exe
        6⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1553.exe
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        6⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51372.exe
        6⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        6⤵
        
        PID:17976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55049.exe
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41783.exe
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        5⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26955.exe
        5⤵
        
        PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46447.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39347.exe
        6⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8232.exe
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        8⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        8⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36685.exe
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
        7⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
        6⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
        6⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        6⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54654.exe
        6⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65414.exe
        5⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
        7⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
        8⤵
        
        PID:17992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        7⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59435.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
        7⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
        6⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59841.exe
        7⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        7⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        6⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        6⤵
        
        PID:17240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33849.exe
        6⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
        5⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        6⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20147.exe
        6⤵
        
        PID:17972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31635.exe
        5⤵
        
        PID:11588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23506.exe
        5⤵
        
        PID:16468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1065.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        5⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        6⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        7⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        7⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        6⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26466.exe
        6⤵
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28134.exe
        6⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        6⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        6⤵
        
        PID:14392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
        6⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48179.exe
        5⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        5⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38703.exe
        5⤵
        
        PID:17764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
      4⤵
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe
        6⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
        6⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
        5⤵
        
        PID:13892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        5⤵
        
        PID:8040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
      4⤵
      PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5260.exe
      4⤵
      PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe
        5⤵
        
        PID:15140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        5⤵
        
        PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
      4⤵
      PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
      4⤵
      PID:16332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
      4⤵
      PID:3408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16733.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54449.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32825.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26323.exe
        9⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        10⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe
        10⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9627.exe
        10⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6151.exe
        9⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
        9⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18281.exe
        9⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        8⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61303.exe
        8⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
        8⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12020.exe
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-69.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-69.exe
        7⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        9⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        9⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
        8⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        8⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42217.exe
        8⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        7⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        8⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
        8⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        8⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe
        7⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        7⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        7⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
        7⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe
        8⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        9⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
        9⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53598.exe
        9⤵
        
        PID:18264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11682.exe
        9⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29119.exe
        8⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
        8⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
        8⤵
        
        PID:17508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22564.exe
        8⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58948.exe
        7⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        8⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        8⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        8⤵
        
        PID:17920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38553.exe
        7⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
        7⤵
        
        PID:17608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        7⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
        6⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32545.exe
        7⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        8⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        8⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53598.exe
        8⤵
        
        PID:18304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        8⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48283.exe
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13795.exe
        7⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
        7⤵
        
        PID:9428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33048.exe
        6⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
        7⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
        6⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34479.exe
        6⤵
        
        PID:14796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32825.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
        8⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        9⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        9⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        9⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9659.exe
        8⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        8⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe
        8⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6954.exe
        7⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11600.exe
        8⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50936.exe
        8⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
        7⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
        7⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24827.exe
        7⤵
        
        PID:18280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34662.exe
        7⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
        7⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        7⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53615.exe
        7⤵
        
        PID:18180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe
        7⤵
        
        PID:15976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
        6⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21859.exe
        6⤵
        
        PID:11220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
        6⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63551.exe
        6⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        8⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        8⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        8⤵
        
        PID:18284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
        7⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
        7⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
        7⤵
        
        PID:17900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
        6⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        7⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        6⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        6⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
        6⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
        7⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15165.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40933.exe
        7⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        6⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33394.exe
        6⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63206.exe
        6⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37402.exe
        5⤵
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46819.exe
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
        5⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        5⤵
        
        PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43519.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46447.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17065.exe
        6⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        7⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        8⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        9⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        9⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        9⤵
        
        PID:18328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        9⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        8⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25610.exe
        8⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        8⤵
        
        PID:18412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        8⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
        7⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
        7⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
        7⤵
        
        PID:14748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27287.exe
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-287.exe
        7⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        7⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22870.exe
        7⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5714.exe
        6⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        6⤵
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65414.exe
        5⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51621.exe
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        7⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
        7⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14703.exe
        7⤵
        
        PID:18000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        7⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26048.exe
        6⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46049.exe
        6⤵
        
        PID:17996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34041.exe
        6⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        6⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
        6⤵
        
        PID:14004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14703.exe
        6⤵
        
        PID:18052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48720.exe
        5⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18944.exe
        5⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
        5⤵
        
        PID:17592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25425.exe
        5⤵
        
        PID:212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        8⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
        8⤵
        
        PID:16484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25172.exe
        8⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63712.exe
        7⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
        7⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        7⤵
        
        PID:17524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54853.exe
        7⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45710.exe
        6⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54771.exe
        7⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22399.exe
        7⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
        7⤵
        
        PID:17564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        6⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        6⤵
        
        PID:16616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
        5⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        6⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
        7⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        8⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        7⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45017.exe
        7⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
        6⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        6⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        6⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65283.exe
        5⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37978.exe
        5⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33282.exe
        5⤵
        
        PID:14196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2601.exe
      4⤵
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30127.exe
        6⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56670.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27120.exe
        6⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        6⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        5⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        5⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
        5⤵
        
        PID:17552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7496.exe
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
        5⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        6⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        6⤵
        
        PID:17560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
        6⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe
        5⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50473.exe
        5⤵
        
        PID:428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51074.exe
        5⤵
        
        PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
      4⤵
      PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
      4⤵
      PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
      4⤵
      PID:17068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60504.exe
      4⤵
      PID:9956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49497.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54707.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe
        6⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        7⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        7⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        7⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63326.exe
        7⤵
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        6⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62114.exe
        6⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe
        6⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63206.exe
        6⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58564.exe
        5⤵
        
        PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        5⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33282.exe
        5⤵
        
        PID:16316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        5⤵
        
        PID:18180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17723.exe
      4⤵
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        6⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        6⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        6⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37479.exe
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8760.exe
        5⤵
        
        PID:12568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        5⤵
        
        PID:18016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        5⤵
        
        PID:8392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
      4⤵
      PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        5⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
        5⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
        5⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60728.exe
        5⤵
        
        PID:9976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23711.exe
      4⤵
      PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24965.exe
      4⤵
      PID:13168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55198.exe
      4⤵
      PID:17816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36478.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        6⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
        6⤵
        
        PID:14012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
        6⤵
        
        PID:17912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
        5⤵
        
        PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
        5⤵
        
        PID:13492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
        5⤵
        
        PID:17648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3961.exe
      4⤵
      PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe
        5⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30000.exe
        5⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14755.exe
        5⤵
        
        PID:14536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        5⤵
        
        PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56949.exe
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46437.exe
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
        5⤵
        
        PID:16028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22486.exe
        5⤵
        
        PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25752.exe
      4⤵
      PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
      4⤵
      PID:14260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23126.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33401.exe
      4⤵
      PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        6⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
        7⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe
        7⤵
        
        PID:17864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14290.exe
        7⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31999.exe
        6⤵
        
        PID:11368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30846.exe
        6⤵
        
        PID:15344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
        6⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45710.exe
        5⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        6⤵
        
        PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        5⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31642.exe
        5⤵
        
        PID:16456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
        5⤵
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44392.exe
      4⤵
      PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
        5⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        5⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50954.exe
        5⤵
        
        PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
      4⤵
      PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
      4⤵
      PID:11296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
      4⤵
      PID:16496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50954.exe
      4⤵
      PID:4036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe
    3⤵
    PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
      4⤵
      PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        5⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        5⤵
        
        PID:12420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        5⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4587.exe
        5⤵
        
        PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe
      4⤵
      PID:9588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
      4⤵
      PID:13500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63380.exe
      4⤵
      PID:13084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
      4⤵
      PID:18180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
      4⤵
      PID:9652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47471.exe
    3⤵
    PID:7396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63399.exe
      4⤵
      PID:5872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12230.exe
    3⤵
    PID:10512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
    3⤵
    PID:14680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
    3⤵
    PID:5340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63644.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63644.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47713.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16733.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        8⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10348.exe
        8⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64724.exe
        8⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19734.exe
        8⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36005.exe
        7⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34351.exe
        8⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
        8⤵
        
        PID:16388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        8⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        7⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33282.exe
        7⤵
        
        PID:16368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
        7⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-46437.exe
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-46437.exe
        8⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-44356.exe
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-44356.exe
        8⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-15958.exe
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-15958.exe
        8⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6151.exe
        7⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
        7⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        7⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
        7⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45300.exe
        6⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
        6⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe
        6⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39197.exe
        6⤵
        
        PID:9984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44501.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
        8⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
        9⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13925.exe
        9⤵
        
        PID:18396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53377.exe
        9⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22295.exe
        8⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19004.exe
        8⤵
        
        PID:14716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
        8⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14712.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15492.exe
        8⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2119.exe
        8⤵
        
        PID:17380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
        8⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        7⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
        6⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11522.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        7⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        7⤵
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58869.exe
        6⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-837.exe
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
        6⤵
        
        PID:15444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18745.exe
        5⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe
        6⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        7⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        7⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        7⤵
        
        PID:17232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25035.exe
        6⤵
        
        PID:9448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
        6⤵
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18403.exe
        6⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34131.exe
        6⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
        5⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25247.exe
        5⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36771.exe
        5⤵
        
        PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50085.exe
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
        8⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        9⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        9⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        9⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63518.exe
        9⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
        8⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        8⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40089.exe
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18324.exe
        7⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        7⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
        7⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        7⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        7⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        7⤵
        
        PID:17404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        7⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7303.exe
        6⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        6⤵
        
        PID:8
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
        6⤵
        
        PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55362.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
        6⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34875.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        8⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
        8⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
        8⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36685.exe
        7⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe
        7⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        7⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14712.exe
        6⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        7⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        6⤵
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26248.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        6⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        7⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
        7⤵
        
        PID:16436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe
        6⤵
        
        PID:11000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        6⤵
        
        PID:15084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15084 -s 464
        7⤵
        Program crash
        
        PID:17608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
        6⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59999.exe
        6⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
        5⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
        6⤵
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53923.exe
        6⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58503.exe
        5⤵
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
        5⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9659.exe
        5⤵
        
        PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-462.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13774.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        8⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        8⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        8⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        8⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        7⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8760.exe
        7⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe
        7⤵
        
        PID:18180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1579.exe
        6⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
        6⤵
        
        PID:11088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
        6⤵
        
        PID:15160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
        6⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        6⤵
        
        PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47324.exe
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
        6⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-30319.exe
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-30319.exe
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-47926.exe
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-47926.exe
        7⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-18376.exe
        7⤵
        
        PID:17064
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-5272.exe
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-5272.exe
        7⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25035.exe
        6⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13576.exe
        6⤵
        
        PID:13152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18403.exe
        6⤵
        
        PID:17640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5802.exe
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        6⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
        6⤵
        
        PID:14964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
        6⤵
        
        PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
        5⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24656.exe
        5⤵
        
        PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17593.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25633.exe
        7⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
        7⤵
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30847.exe
        6⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        6⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53092.exe
        6⤵
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1579.exe
        5⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        5⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        5⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        5⤵
        
        PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58259.exe
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
        5⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        6⤵
        
        PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        5⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        5⤵
        
        PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        5⤵
        
        PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
      4⤵
      PID:8600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32557.exe
      4⤵
      PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6060.exe
      4⤵
      PID:14736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
        5⤵
        Executes dropped EXE
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
        6⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        7⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe
        8⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61180.exe
        8⤵
        
        PID:17772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        7⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
        7⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
        7⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45134.exe
        6⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        7⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        7⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
        6⤵
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46032.exe
        6⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        6⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
        6⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
        6⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        6⤵
        
        PID:16412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
        6⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39244.exe
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52447.exe
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        5⤵
        
        PID:14152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47002.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59114.exe
        5⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        6⤵
        
        PID:9128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58309.exe
        6⤵
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        6⤵
        
        PID:18076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        6⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11466.exe
        5⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
        5⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57523.exe
        5⤵
        
        PID:17456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25492.exe
        5⤵
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10323.exe
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        5⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        5⤵
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
        5⤵
        
        PID:15800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        5⤵
        
        PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
      4⤵
      PID:8672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
      4⤵
      PID:12216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19806.exe
      4⤵
      PID:17312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
      4⤵
      PID:10180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29125.exe
        5⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8232.exe
        7⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        8⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        8⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        8⤵
        
        PID:17048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47594.exe
        7⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
        7⤵
        
        PID:17516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21303.exe
        7⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26467.exe
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
        7⤵
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        7⤵
        
        PID:17964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
        6⤵
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        6⤵
        
        PID:14584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11682.exe
        6⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47708.exe
        5⤵
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        6⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24505.exe
        7⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48938.exe
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19004.exe
        6⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        6⤵
        
        PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13560.exe
        5⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        6⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        6⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13847.exe
        6⤵
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43240.exe
        5⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        5⤵
        
        PID:14704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        5⤵
        
        PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
      4⤵
      PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        6⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48938.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19004.exe
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18281.exe
        6⤵
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57002.exe
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
        5⤵
        
        PID:12280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
        5⤵
        
        PID:16308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        5⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        6⤵
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
        6⤵
        
        PID:14516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe
        6⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
        5⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8760.exe
        5⤵
        
        PID:12416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31580.exe
        5⤵
        
        PID:17884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13011.exe
      4⤵
      PID:7760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
      4⤵
      PID:11096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe
      4⤵
      PID:15188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18950.exe
      4⤵
      PID:15744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
      4⤵
      PID:2832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41377.exe
      4⤵
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
        5⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33457.exe
        6⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        7⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40079.exe
        7⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
        7⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
        6⤵
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
        6⤵
        
        PID:14544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
        6⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45134.exe
        5⤵
        
        PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
        5⤵
        
        PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33457.exe
        5⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        5⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        5⤵
        
        PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        5⤵
        
        PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5200.exe
      4⤵
      PID:7332
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 720
        5⤵
        Program crash
        
        PID:16212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
      4⤵
      PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
      4⤵
      PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
      4⤵
      PID:10208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
    3⤵
    PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
      4⤵
      PID:5444
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 632
        5⤵
        Program crash
        
        PID:8960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45134.exe
      4⤵
      PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        5⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1545.exe
        5⤵
        
        PID:10364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
      4⤵
      PID:12256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
      4⤵
      PID:18068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44053.exe
    3⤵
    PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
      4⤵
      PID:8852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
      4⤵
      PID:13300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
      4⤵
      PID:17364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe
    3⤵
    PID:8640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
    3⤵
    PID:12436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
    3⤵
    PID:16732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
    3⤵
    PID:15216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55627.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55627.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61724.exe
      4⤵
      PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        6⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        6⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
        6⤵
        
        PID:17932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        5⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13576.exe
        5⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        5⤵
        
        PID:17612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
      4⤵
      PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
        5⤵
        
        PID:12972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        5⤵
        
        PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24103.exe
        5⤵
        
        PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46051.exe
      4⤵
      PID:10812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37155.exe
      4⤵
      PID:14896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61882.exe
      4⤵
      PID:8664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2674.exe
        5⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
        6⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        7⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        7⤵
        
        PID:17056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
        6⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
        6⤵
        
        PID:14404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27837.exe
        5⤵
        
        PID:7356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
        5⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24870.exe
        5⤵
        
        PID:14688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3961.exe
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        5⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
        6⤵
        
        PID:14508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
        6⤵
        
        PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        5⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56774.exe
        5⤵
        
        PID:13896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50954.exe
        5⤵
        
        PID:9008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
      4⤵
      PID:7388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37812.exe
      4⤵
      PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
      4⤵
      PID:14672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
      4⤵
      PID:7256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60737.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64127.exe
      4⤵
      PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3380.exe
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3676.exe
        6⤵
        
        PID:8476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52010.exe
        6⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        6⤵
        
        PID:17216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
        5⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
        5⤵
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17811.exe
        5⤵
        
        PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33867.exe
      4⤵
      PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65387.exe
      4⤵
      PID:10804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45290.exe
      4⤵
      PID:14888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4620.exe
      4⤵
      PID:8404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19477.exe
    3⤵
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
      4⤵
      PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\UÅicorn-61979.exe
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-61979.exe
        5⤵
        
        PID:11828
    - - C:\Users\Admin\AppData\Local\Temp\UÅicorn-8943.exe
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-8943.exe
        5⤵
        
        PID:14356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14356 -s 464
        6⤵
        Program crash
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\UÅicorn-40933.exe
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-40933.exe
        5⤵
        
        PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
      4⤵
      PID:10036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
      4⤵
      PID:13936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
      4⤵
      PID:8172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
    3⤵
    PID:7344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
    3⤵
    PID:10532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
    3⤵
    PID:14780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61724.exe
    3⤵
    PID:1304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\UÅicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-2389.exe
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\UÅicorn-5461.exe
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-5461.exe
        5⤵
        
        PID:14376
    - - C:\Users\Admin\AppData\Local\Temp\UÅicorn-52606.exe
        
        C:\Users\Admin\AppData\Local\Temp\UÅicorn-52606.exe
        5⤵
        
        PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
      4⤵
      PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
      4⤵
      PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
      4⤵
      PID:8264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
    3⤵
    PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48549.exe
      4⤵
      PID:11456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
      4⤵
      PID:16404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40440.exe
      4⤵
      PID:9348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
    3⤵
    PID:10784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63797.exe
    3⤵
    PID:14864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61882.exe
    3⤵
    PID:7952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29509.exe
      4⤵
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
        6⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40841.exe
        7⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
        6⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
        6⤵
        
        PID:17744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29969.exe
        6⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
        5⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25996.exe
        5⤵
        
        PID:17252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2783.exe
      4⤵
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        5⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
        5⤵
        
        PID:7216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40011.exe
      4⤵
      PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25726.exe
      4⤵
      PID:11428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
      4⤵
      PID:14636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34041.exe
      4⤵
      PID:7056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
    3⤵
    PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        5⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        5⤵
        
        PID:16752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
      4⤵
      PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
      4⤵
      PID:12132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
      4⤵
      PID:16240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
      4⤵
      PID:7200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
    3⤵
    PID:224
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 224 -s 224
      4⤵
      Program crash
      PID:6476
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 224 -s 276
      4⤵
      Program crash
      PID:6628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
    3⤵
    PID:7944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36494.exe
    3⤵
    PID:12900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
    3⤵
    PID:1600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2399.exe
    3⤵
    PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
      4⤵
      PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        5⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe
        5⤵
        
        PID:14412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
        5⤵
        
        PID:7316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
      4⤵
      PID:11412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
      4⤵
      PID:17472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
    3⤵
    PID:7512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
    3⤵
    PID:12700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-795.exe
    3⤵
    PID:17208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46153.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46153.exe
  2⤵
  PID:5136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22815.exe
    3⤵
    PID:6904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31471.exe
      4⤵
      PID:9316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
      4⤵
      PID:14312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33882.exe
      4⤵
      PID:17992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
      4⤵
      PID:5908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6151.exe
    3⤵
    PID:9092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
    3⤵
    PID:15976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe
    3⤵
    PID:7048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
  2⤵
  PID:7664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32789.exe
    3⤵
    PID:11820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
    3⤵
    PID:14852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25172.exe
    3⤵
    PID:9664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
  2⤵
  PID:10912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
  2⤵
  PID:14968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
  2⤵
  PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 224 -ip 224
1⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 224 -ip 224
1⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5444 -ip 5444
1⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7432 -ip 7432
1⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 7332 -ip 7332
1⤵
PID:16180

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe

Filesize
184KB

MD5
29b7bbe28030dc8bf568c7bf9d2b6f91

SHA1
8f05de69b8dbe6f642ab2a1e28aff7a49998e114

SHA256
62dc0989cbd45729a0818b728701cbb87d1f32bb1451f03c7068c72eacf936b7

SHA512
77520acb39d43b5b1ba4b82c0db6ebd9ac0da81854f4fca6b565a53e6f0a306a6c934c33e3f682c6c785d6a6f39c9464df9687c8ab7883d72165b7d82a7540b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe

Filesize
184KB

MD5
25cae5c26f36e2195c6ac9a70df18e7d

SHA1
1448edc493a27d84bd17c82403e9e4f61acb4250

SHA256
fb2bec004dcffc4a1654cd08cb3878abae3e1ee07ff27a3dcf209130e766cf11

SHA512
d7f5f49450dda3de0a82017ea3d0445d77abc686787bf3328d46047d82e7a7b52b32ba4a2edc74768aa6d84b3e2825a2ba03027f6109ef79567b23b52d9ed8f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe

Filesize
184KB

MD5
43a0749ce22a6a4d06dbd9d3660af5d8

SHA1
b855043620b2105504a1b2291eee42c2528f2b52

SHA256
159746935ba31160c466ece5ab13fe6566247ddf0ff9b9c63384c77f15f5a340

SHA512
308cfb170c3482bc96614c9d417f427849aabe23b8c552bbab82e5a53753da21ae0a973cb64e71ec7ee541a18ed65a873a58de73eb5be5f2d6baea231e96fe7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16733.exe

Filesize
184KB

MD5
12c197a03a554ba5b6c0a515fb01d5ad

SHA1
f8eddd72c3cdc1e1fe2c017b6884ef2ab2c77104

SHA256
2de1f958f302769512ba5348925819b0ec6d3c81b1181cc39368d165437e6b7b

SHA512
f0150d9947025ef8df4c6e6ffd2e874c3033c6db19c5724005382c6f3ad943b917eaa25cfcc60d673817433af2cf9b6e7514f3b589356faf3dcb166514ddb1ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe

Filesize
184KB

MD5
f74dba251b02f06bcfe83d007a5934c4

SHA1
d2f439c57c579d254f25ef6ad86d9e17a3e9fa9e

SHA256
be4b7e4526577c39b2014cf6c8920f957b260a269eabf90c52240ff7953ec6d5

SHA512
0f55eacfbdf19aff508c555ca4f642a0644be4abb7dd459a209a7a4755f6008cab747bec961dedc2a74f49b56e140cee0b80755f4e550edc056afc23bd685e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe

Filesize
184KB

MD5
ad35bc6ddc4ea4b33dc825c31cdb997a

SHA1
64e4ba0c8b70d70f4a9e8b81ee5b8559750f4aaa

SHA256
9af4afd956aefffed13da52753fad6835d0abb55402b286e4356c6d5301e3d24

SHA512
3601ddb8b24386e34e343d221a93a3461f36e339fa50d6da598e18ad8e3fea8ac3eaf3a40d375903bbf42ed02057d26505788379f1f9c4790f5f98c31ddd8119

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe

Filesize
184KB

MD5
6554d3789ed915bf3ca61b05515c47de

SHA1
5cf0bd92cc5596e2a7ef1691bcdbb957c3a4dc48

SHA256
48c2361e096fb49d40c24cec1c39b4b9f2a510b9378033a398aeb2ee9f2f36fc

SHA512
cce5513e3850d7ae26481ffc43361702d651bd6675e414f9efcf319b293082c23ac9bed0321d5271b1e2b12df9af54ae369b672ff6cc21935a2b4a9726c2da7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe

Filesize
184KB

MD5
be8fe86625cac5ee160640252cd81fa0

SHA1
c412626a68c83cca9eef52a90a5d981a9e27d1cc

SHA256
40f84d4ef8d7b022fdc9991042d9054c52ee5b3007e1ed8a92a0c8ab75c6517d

SHA512
7f820e5b040939c353f360fe1ea377a6bc6fa7a60b0ebb2605f8c2161375b8bf17c0c799839a85a5edfdfa073520694da48ab04bf6dd6d48e7aa1498b9073103

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe

Filesize
184KB

MD5
1994cabef39dceb140b5e9fe31c5c073

SHA1
3c535994145854a5de8869cae059f738eb4015c9

SHA256
5de82c4e9dd4e8ae289a8487ec85f534b536432e8b5a080069d0722d06ed3c10

SHA512
9ee496259b3cfd08a402fdf880cd03c42258305ad9dd7a032d4aba3a7166e0ee6411e3c748370cff47249ee415b33e56c69a3410f0709c88b6bd0a640c974cfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe

Filesize
184KB

MD5
98cc2a1bbf61df1bcbbcc81bb1d55113

SHA1
e4bfecae2fe77acaf7768566216c773c29b38485

SHA256
c738f6ac238c53ee598a05a0cf194f65f5a313b701a11dc2fb58e2c22e73a118

SHA512
b5bfadf8575b723dde5a6b14051b28cd060a7d51e4327e156cb2759aca8b7f740dc4492d8ca7006821df906372859e5253540e13db19a5204c0ba2c5610e9683

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe

Filesize
184KB

MD5
ee9cd2c830dff16692531147a6cccd92

SHA1
42db0985051c2c0da033090988c8fc1a7a31f7b7

SHA256
b7351ba0a4ee1fdea40bac3fab26a1987c68629bfa110bba4bc41647f62b4219

SHA512
e2fcfecfeba3e463a746563101cbed991569eaba73fe65f6f509e5d5c605e16451e015b7d58ab78a4703f270ee20743b9e0c4cedb961fa7be8cedb044061c291

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe

Filesize
184KB

MD5
ba81a857bd94ffe1d7e6c39e987a1ea0

SHA1
2abab49381d7905457351fec2e57d81f261debc9

SHA256
450caf7093de4ad7b45380189f3600a04614e5ca1e1796576e782b5f202f227d

SHA512
af73162a5f46080e3d83039f52ca2d001bd26efde1d68ffa41bc089d5e7b1debb4e473aaba1063c907ecf2dbed07c7c5bd92e7e0b011f214ab7742d566a4eb11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe

Filesize
184KB

MD5
544bd17ba1dd15f5b759f9f02db8cbb7

SHA1
4062b49cbafc40027b1505ad2520dfb5d3458982

SHA256
e0e7c3ef938ab44451f3794b08040281953ee448b402987a7070bfc6765836e8

SHA512
e27b758d0d870dc83e14c5d8e9c0d2aa15dd68336ea2a80b151428d9faa3bd241becb584463ce6fbb828a6fceed523d27fe468c83b1b63514f4fa1cf3a1b9550

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe

Filesize
184KB

MD5
3d26d86540aaad03de084fed8ad2bf00

SHA1
628eea7bb4e1949122d11d02a2f60a183ba9d944

SHA256
768c8ef656a3b1c7ec1dd890442497fb496aeaad5bf3a1d86041f8a731ae0688

SHA512
d6078c8fad2bf41f2ba5ef8f436caecde9e8bba8d947da4f9a49dad6480733a6ff0626b275bf87490075890a631c695190c04355ca87af0a16a8b18c7e962fbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36478.exe

Filesize
184KB

MD5
5ceb148457262221eedbc3344425a93a

SHA1
96822a9a51c0dbc568db4f65211bbfbfdb708bbb

SHA256
cafeb1b0cb8437266bc9c3fbb2a7c6aa726e5aa3215d4192aa012f99d7d5eaaa

SHA512
5e6fb687f28762e9dd7119989d1ec531a21ccc54dd859036116918621bd87373130c4cbf2a9a9ea361ae805752d182db882deabcd470db74fce47cf721da2965

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe

Filesize
184KB

MD5
37c2a1e922fd357d1dc4e97f233ec884

SHA1
f91ebe4c41b44735f568a02baeb7793a249ae42b

SHA256
57328a0f3adc2711eddb0d75111657eb71dd0c462aed958f29cf2310ae0b1fc8

SHA512
d41b7f818f4947b99f865524c9dff29756515b8a0b311a5720ebfbe06e41c9cd842a760d3e76082b4956fe49abb6fcb866ce125d77e7a0f20bf69b6c24bc420e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39819.exe

Filesize
184KB

MD5
bf8929cf8aace99adf86ef4ab6633276

SHA1
f3c0e640b4d90d1e97b44b5465a1df5911bd7fd1

SHA256
31973078972a30957b4238e13cdc01e9401beee4dd95930b1bf24a2b837a15a6

SHA512
5d146e438dfeb15ea915ba6c782e241a4c3ee51ad26ee86dbc896f11ce93087fff8d76e0e5a2ef7dfcb13197174f8a5123d72b9abd4e60a0291b2596cc1cdcf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43519.exe

Filesize
184KB

MD5
af7b5de7fb989b19a4daecd4cc15a086

SHA1
e957ec68c2066cf1b76b5fe62344596f57f68765

SHA256
886cb909e64221ccde546de22ab50d378cd5d90c2621dd28f9638bd00f8133e4

SHA512
427d05d5cf309cb123be966c75c2660b8ebf8e2cdf7d40b9ecc3f84eea00c42e26df111e8c033fd4caa12f036785565df6198799bb0b3ac811c4a64b9fd41341

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-462.exe

Filesize
184KB

MD5
2cbddcc029f5e75b41afcdaf7381ef23

SHA1
332ae32cae6286e760bf37cc341254d6878e7eaf

SHA256
d2e59835ab460c95ea7484ba3404ca9aeaede7056ad9d38b41173a0ab5a4daa8

SHA512
9397b7d4ebc933a2cd77e98f4a7b6d0501570539f1f473d45513bafb89c668a2f5e615de047ac85665ebddca8ccaff85525302b093beb56f2d971ff52e98aed3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47713.exe

Filesize
184KB

MD5
df258daf15cc4ba7604bf449c3d5b61d

SHA1
6ceb0100471a763e88d9e1fe72eb9fdb129af460

SHA256
a7e0de17275d6b6b60f6d5bf724bfd12eab8222a94a9f4d0cf3cfb3d385c976b

SHA512
0c5ed67194706fc6b322fc08941b86329edf00d202b1a66a1b6fedf562987d62e6c7610919b8641fb705ff4f2cf4e10980f1527c9d31d6b6850a86cfc13c8cc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49497.exe

Filesize
184KB

MD5
24a27b43c046dc6c1c5ec8ec6c70f788

SHA1
2a14f973631bc0b46445bf2896a85512721eba48

SHA256
345ae3d09605b1453a5c8e6c3d1a9b6eebc69490b8a30f79699602d9e40da3a4

SHA512
96e535d89dd958a2651b7cfa57de6f420fa1f4b12f084f8f97e10230b7c408f6f7ac6f925490cde5eb0efad8ce1ac74e3b9657f2ea2bbfb83b1aea6290d49320

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5035.exe

Filesize
184KB

MD5
d8afdcb4a391b9cc09d74193f31e4016

SHA1
65228bc66d649b3912d0a9aec1b22345f96ed419

SHA256
18b0eaf91041f677ef014da20af536fd726ea9ff524676345af7c5e8a0447809

SHA512
eddd55bec32d344094787fbb1b8e00e7d80cf65644d5005706a0fea04c371849427dc8b0bf3196c994ace18da8c8df8b21211813f3dc532647dda6f8694796f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe

Filesize
184KB

MD5
10f391a6945e860878de976debeedbb5

SHA1
cd49f07c74d59db62c0581ee35413b30d8308b80

SHA256
815fb99efd38130a96c0111bd4718288e907c1f0c9462a8c1a36b6056f960d4c

SHA512
54e34f798907bb934955d5ea527c421a6e948f2e726284b7cc6211c4d08fba12ed969f629093ca09a61b9f930fbb2cf0362959d9e0719e8157413dbd3ff27414

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe

Filesize
184KB

MD5
17855e2b2ec47515c09dc55cb7be2c9f

SHA1
e8d6aa50af95e80fdef2cb2d1731bc90dc6b472a

SHA256
ab74d7d7cc42ba9876ce3f25f363fe1f3a832e63a81d758ba732e5020e93e56d

SHA512
5f4b71acbc4897c4a7ffc1736e98b5bf2a7ac19c7ea0b0abcc082f4d5fe6a96988494eec2f3c8c9fa7f796981951d16a80a00ad194897ce4ca5313c09f1dc473

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54449.exe

Filesize
184KB

MD5
e253d5bbd3b506ccb9fdb6655a2330ae

SHA1
8cdb02ceac17da5268dd7b9b635adfb6347c563a

SHA256
c0b37d1bff4d5f77d79944290cdb6b200cb5a3bcb5026462a317a3bb2ad18f64

SHA512
645ddbe21ba9b0e1031c934423fd5f86a1834990ebf1808866b6117c7c624ace1755bbcf19a955b8ecad0eb4909ac3603b5be317610a80ec58ce846e53b4380e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55627.exe

Filesize
184KB

MD5
8855f6a216ed7c7684a48f4113b047ba

SHA1
07d580211ed119e02c01ebda7f9ab9d1511b4e8e

SHA256
d09ba7e2d3eec12133ccb3a32da50905b0a0b78d2ffce22308c536aa1c3ded16

SHA512
f7d3c8d8bb6bff1dfab26320ae24f22a2c22574a90a49806ceae6e4d71a7be1801a135e498559d4681adfe1101a546833601154eac70d8ded2f43be8454919df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe

Filesize
184KB

MD5
79b95786d3fca6c2906ae56de5cf4d73

SHA1
21e7a97ce69a03b24236426d013cbc682fb9b3ee

SHA256
648eb36b48a675f69a75c1e0d26b3001b892921fe86dbaa9c8bf93648b14e06f

SHA512
fddb636b373e01ca55a3a5047960832e83504b8d5f4e1a8a0f0f51c4e9e5fc4552143550bd3d950d0d25fb168154ec173bfd6200317ed97e8bcd1d2ddf19080d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61937.exe

Filesize
184KB

MD5
8c3532a28c6be4cd44513d678dd08fdf

SHA1
4146e265cce9232fb1987cd14a5ede4ab5f2b6e8

SHA256
da8ae955e5560c8f4a3f0a4c74e18cacd2f5e7f1fc90e9b83d2cc50addd3f686

SHA512
ea6274e295696dc6be7cf6fecf8fea47259bfb67e6135b649ecd164c21af3937f902c6ada0852f7b7acf846bae1b3f20fef81d20ef628a62fe59bbc1421fe698

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe

Filesize
184KB

MD5
8367d41ab8086d19d4f01183ea2eb8ad

SHA1
2d53403e3e4f1f11ec6f59bba544940c571218f9

SHA256
360ee02c898711c9fa96196477a3640226000e85332835b5aac2bf88b0b9e489

SHA512
d8e5b288a6b37a1ff98618f9ae03d4de0488b505294a9c44110d9457b87c2a81afb80ad49e0ec52ad5c56b7d54a384294003424f46af14e7b03ccf0ba7fc779f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63644.exe

Filesize
184KB

MD5
b53bc46c3773cb05d4690ce497a56be1

SHA1
d031b2dde259180d1b8cb12bb81be1d4f0bddb0c

SHA256
601dc4f3fc70b50555170f8917ff273718c983336771101c10dc7570c8ad8ae6

SHA512
f439681add819607f4e2f6defdbdbea396d80de35980d4a52f28818223aff451b5303cad6704293c016b22c65d56ba58c40304348069b7719f29e6299cceb2e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe

Filesize
184KB

MD5
ead00b479982a1564d5f4f5f863bb43e

SHA1
06ae31370ca9fd473a50f2accbc63ea0c89ace0a

SHA256
91fa4660e8a9370cdfb362d22b5766d7c1cad2613aebc378c856b20d10c7a624

SHA512
34d09ba22b50d3450e161210ab522d5e82a3b27138cb9220ef2932d099a580994d63d61d2a8dced567133f89f1631d967bc4b5ae23885e6d46076408d2bacb99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8818.exe

Filesize
184KB

MD5
a2aaac893ac14af5b7614f08ff01fe6f

SHA1
b82d1927088f5543f1edc0eebfb28ec63c598a25

SHA256
3f4122fa8964919f016371970a4e97caa11e142c8743fe3b697a07719daaf6b5

SHA512
afb4eaabb522216b8c3ef4e9f0119bc30484af5e5ce105e63ff0547e8c83d92a115a36d9eeaebe6082495513852030a532bd5e5f8b7d15898b36ea92e9ac124a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads